remove unnecessary files and folders

Signed-off-by: Daniel Hansson <your.name@domain.com>
Daniel Hansson 2024-05-07 18:54:04 +02:00
parent fa26666385
commit 4d9b13d7e9
45 changed files with 0 additions and 12215 deletions


@ -1,478 +0,0 @@
### Download can be found here: https://www.hanssonit.se/nextcloud-vm/
**Please note that BOTH disks need to be imported for the VM to function properly.**
- Check the latest commits here: https://github.com/nextcloud/vm/commits/main
- Documentation can be found here: https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration
PR's are more than welcome. Happy Nextclouding!
### Different versions
If you run Hyper-V or want 500 GB, 1 TB or 2 TB VM you can download it from [T&M Hansson IT's shop](https://shop.hanssonit.se/product-category/virtual-machine/nextcloud/).
## All future releases
### Full changelog:
- [VM](https://github.com/nextcloud/vm/releases/)
- [Nextcloud](https://nextcloud.com/changelog/)
## 26.0.0
### Full changelog:
- [VM](https://github.com/nextcloud/vm/releases/tag/26.0.0)
- [Nextcloud](https://nextcloud.com/changelog/#latest26)
## 25.0.2
### Small changelog:
- Drop all tables from FTS when reinstalling to avoid leftovers
- Make Talk security optional. Should work out of the box on all scenarios now.
- Previewgenerator and Webmin are no longer default apps during installation
- Support really old versions when migrating/upgrading Nextcloud
- Improve some scripts and other stuff in the `not-supported` folder
- Minor bugfixes and improvements
- And more...
### Full changelog:
- [https://github.com/nextcloud/vm/compare/24.0.5..25.0.2](https://github.com/nextcloud/vm/compare/24.0.5..25.0.2)
- [https://nextcloud.com/changelog/#latest25](https://nextcloud.com/changelog/#latest25)
## 24.0.5
### Small changelog:
- Update Fail2ban with a better regex
- Fix FTS, and make sure it's gone when removed (even DB)
- Make Talk installable again by fixing source-repos and some tweaks to the script
- Fix dependencies for Bitwarden
- Improve the port checking function (for checking open ports)
- Allow `NCDATA` to be other than default when checking for Nextcloud version (`lowest_compatible_version()`)
- Upgrade Realtek firmware drivers for the Home/SME Nextcloud server
- Add Googles DNS as an option (user request)
- Always recover old Nextcloud apps, even if app store is broken
- Remove some legacy code
- Improve backup scripts and other stuff in the `not-supported` folder
- Ubuntu 22.04 reached its first maintenance release, consider it 100% stable.
- And more...
### Full changelog:
- [https://github.com/nextcloud/vm/compare/24.0.1..24.0.5](https://github.com/nextcloud/vm/compare/24.0.1..24.0.5)
- [https://nextcloud.com/changelog/#latest24](https://nextcloud.com/changelog/#latest24)
## 24.0.1
This release is quite huge, including Ubuntu 22.04 (minimal), PHP-FPM 8.1, and PosgreSQL 14.
### Small changelog:
- Prefer use of local lib file
- Add `addons/fix_invalid_modification_time.sh`
- Use minimal OS, instead of full blown. Install only needed dependecies.
- Deprecate Ubuntu 18.04
- Upgrade to Ubuntu 22.04
- Upgrade to PHP 8.1
- Upgrade to PostgreSQL 14
- Upgrade Documentserver scripts to work with the new Docker images
- Deprectae `apt-key` and introduce a new and better way for adding keys
- Make the menu update option default. It first upgrades minor, then asks for major if applicable
- Only clean disk if it's 70% full and/or less than 100 GB left
- Remove legacy code
- Make it possible to add your own DNS servers during installation (not setup)
- Do not ask for password change if it differs from default, since that means you probably already set your own password
- Make it possible to add your own GUI user during installation
- Change DH-param instead of DSA-param
- Make Talk a bit safer
- Minor bugfixes and improvements
- Updated geoblock database
- Fixed a few backup related details
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/23.0.2..24.0.1
- https://nextcloud.com/changelog/#latest24
## 24.0.0.1
### This is a pre-release. Available as a VM, but only the free 40 GB version.
### Full changelog:
- https://github.com/nextcloud/vm/compare/24.0.0..24.0.0.1
- https://nextcloud.com/changelog/#latest24
## 24.0.0
### This is a pre-release. Only available in master.
### Full changelog:
- https://github.com/nextcloud/vm/compare/23.0.2..24.0.0
- https://nextcloud.com/changelog/#latest24
## 23.0.2
### Small changelog:
- Change to another Full Text Search implementation
- Improve deSEC functions
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/23.0.1..23.0.2
- https://nextcloud.com/changelog/#latest23
## 23.0.1
### Small changelog:
- Fixed all the bugs with the old release (23.0.0)
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/23.0.0..23.0.1
- https://nextcloud.com/changelog/#latest23
## 23.0.0
### Small changelog:
- Change from lool to cool for Collabora
- Make it possible to ugrade NIC-firmware from all old releases ([Home/SME server](https://shop.hanssonit.se/product-category/nextcloud/home-sme-server/))
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/22.2.2..23.0.0
- https://nextcloud.com/changelog/#latest23
## 22.2.2
### Small changelog:
- Change to AllowOverride None for Apache and include .htaccess instead (speeds up I/O)
- Change IPv4 check (WANIP4)
- Set productname
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/22.2.0..22.2.2
- https://nextcloud.com/changelog/#latest22
## 22.2.0
### Small changelog:
- Upgrade Home/SME server NIC firmware
- Add NVMe to format disk
- Change keyserver
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/22.1.1..22.2.0
- https://nextcloud.com/changelog/#latest22
## 22.1.1
### Small changelog:
- Remove Group Folders in the standard installation
- Improved deSEC and added support for existing accounts
- Improved SPAMHAUS rules and script
- Show the hostname when notifying - better if you run multiple servers
- Only update update script if it's older than 120 days
- Changed to EDCSA for certbot (TLS)
- Add script for removal or deSEC + subdomain
- Make deSEC a menu instead
- Crucial fixes for the new PN51 network drivers
- Update script - only update the updatenotification script if a new Nextcloud update is available
- Updated and renamed Bitwarden RS to Vaultwarden
- Updated geoblock database - August 2021
- Update script - don't execute the update before all cronjobs are finished
- Always create a backup before updating
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/22.0.0..22.1.1
- https://nextcloud.com/changelog/#latest22
## 22.0.0
### Small changelog:
- Add SMTP2GO to SMTP-Relay
- Remove APCu and replace with Redis instead
- Made it possible to add subdomains to deSEC
- Improved spinner_loading
- Added dates to automatic updates log
- Added regular ZFS snapshot prune
- Added retention for Nextclouds user activities
- Previewgenerator - allow to clear all previews
- Update script - update Nextclouds mimetype list
- Moved mimteype update to nextcloud_configuration menu
- Reworked office scripts
- Update script - change crontab on all installations to 5 minutes
- Fixed a bug with Netdata
- Geoblock - updated link to csv file
- Refactored the bitwarden_mailconfig script
- Added more functionality to curl_to_dir
- Docker documentserver - don't restart docker daemon upon installation
- Restart notify push in some situations
- Make sure sudo and software-properties-common is installed
- Fixed password generation in edge cases
- Reworked the cookielifetime script
- Updated geoblock database - June 2021
- Added option to check for 0-byte files
- Changed from apt to apt-get
- Simplified ClamAV notifications and small fix to fail2ban notification
- Harden-SSH script - allow to set up 2FA authentication
- SMB-server - added option to automatically empty recylce bins
- SMB-server - added option to empty all recycle bins
- SMB-server - Create the files directory for new users directly during the user creation
- Reworked system-restore
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/21.0.2..22.0.0
- https://nextcloud.com/changelog/#latest22
## 21.0.2
### Small changelog:
- Make it possible to choose port for public access in the deSEC setup (only when you choose TLS)
- Fix bugs with the deSEC script
- Avoid ending up in a loop in the deSEC script
- It's now possible to check for NONO ports with a function
- Loop port selection in the Talk script
- Move backups location to /mnt/NCBACKUPS and delete backups from last year
- Tune chunking in GUI uploads
- Clean up some more scripts in the end of each setup
- Add the Azure kernel for Hyper-V VMs
- Shorten the time files are stored in trashbin (can still be configured)
- Escape all Apache Log dirs correctly
- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported)
- Minor bugfixes and improvements
- And more...
### Full changelog:
- https://github.com/nextcloud/vm/compare/21.0.1..21.0.2
- https://nextcloud.com/changelog/#latest21
## 21.0.1
### Small changelog:
- Add TLS with DNS and deSEC. It's now possible to get DNS from a local machine without any open ports!
- ClamAV - give the daemon more time to start
- SMB-server - completely rework how directories get mounted to Nextcloud
- SMTP-mail - add providers
- Create a script for the Pico CMS Nextcloud app
- Add a Firewall script to the not-supported folder
- Add SSH hardening
- Add deSEC magic
- S.M.A.R.T. Monitoring - test drives directly
- Add a script for the Facerecognition Nextcloud app
- ClamAV - improve weekly full-scan tremendously
- Update geoblock database - april
- Speed up the network check if the network already works
- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported)
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/21.0.0..21.0.1
- https://nextcloud.com/changelog/#latest21
## 21.0.0
### Small changelog:
- Added Push Notifications for Nextcloud (`High Performance Backend for Nextcloud files`)
- Added Whiteboard for Nextcloud (`New in Nextcloud 21`)
- Moved Extract for Nextcloud to its own script
- Add phone region (new in 21)
- Made sure that all docker containers only listen on localhost
- Improve Strict Transport Security in TLS
- DDclient - added No-IP
- Updated geoblock database files
- Avoid double crontabs when reexecuting some scripts
- Don't enable disabled apps after update
- Geoblock - allow some IP-addresses by default
- Fix watchtower updates
- Geoblock - add Let's Encrypt advice
- Fix upgrade.disable-web
- Don't break update when enabling app
- Fix not enabled PECL extensions
- Prevent apps from breaking the update due to incompatibility
- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported)
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.7..21.0.0
- https://nextcloud.com/changelog/#latest21
## 20.0.7
### Small changelog:
- Ask to get the latest `update.sh` script when running updates from `menu.sh`
- Allow to reinstall Bitwarden RS also if local files are present
- Updated geoblock database files
- Made some enhancements to scripts in the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported)
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.5..20.0.7
- https://nextcloud.com/changelog/#latest20
## 20.0.5
### Small changelog:
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.4..20.0.5
- https://nextcloud.com/changelog/#latest20
## 20.0.4
### Major changes:
- We upgraded the compatibility for VMware. More info [here](https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration). Changes are based on [this](https://github.com/nextcloud/vm/issues/1358) issue.
### Small changelog:
- Happy new year!
- Add ban notifications to Fail2ban
- Remove unattended upgrades to improve stability (we have our own auto updater)
- Fixes to the SMB Mount script
- Fixes to DDclient
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.3..20.0.4
- https://nextcloud.com/changelog/#latest20
## 20.0.3
### Small changelog:
- Allow to choose between latest version or not
- Always run the permissions script
- Don't allow MariaDB specifically
- Fix PHP error message from Redis
- Fix grammar and spelling
- Update geoblock files
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.2..20.0.3
- https://nextcloud.com/changelog/#latest20
## 20.0.2
### Small changelog:
- Fixed bugs with the `--provisioning` flag
- Updated geoblock.sh to get rid of jq
- Added a script-explainer to nextcloud_install_production.sh
- ClamAV - added a mechanism to inform about found files
- Fixed a bug in midnight-commander.sh
- Created smart-monitoring.sh to allow continuously smart checking
- Switched from Travis to Github Actions
- Added Reviewdog
- Improved previewgenerator
- Made some SC rules global
- Fixed some problems with wrong ownership of /mnt/ncdata
- Fixed link in startup-script
- Fixed ClamAV-Fullscan
- Added apt over https
- Further improved ClamAV
- Allow to reinstall automatic updates
- Improved partition check during the install-script
- Fixed some typo's
- Added more options to the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) and made some enhancements
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.1..20.0.2
- https://nextcloud.com/changelog/#latest20
## 20.0.1
### Small changelog:
- Made the setup of SMTP-mail more reliable
- Added a switch to the install-script to enable automatic provisioning of new releases
- Changed occ_command to nextcloud_occ to simplify copy and paste between scripts and CLI
- Improved the logging for SMTP-mail
- Added deSEC to DDclient-configuration
- Implemented an option to create LVM snapshots during the update script for certain instances
- Don't clear the CLI history anymore to simplify debugging
- Created geblock.sh in order to allow access from configured countries and/or continents
- Made it more clear that a Nextcloud update started
- Added DuckDNS to DDclient-configuration
- Fixed an incorrect OnlyOffice-URL
- Improved the guidance how to control whiptails
- Added some popups that explain the Additional Apps Menu and Server Configuration Menu during the startup script
- Switched to TLS1.3 for new website-configurations on Ubuntu 20.04
- Added a mechanism to update geoblock database file and added the geoblockdat folder to the repository
- SMTP-mail: allow to cancel the removal of configurations and packets if the testmail fails in order to simplify debugging
- Made BPYTOP its own script
- Standardized the usage of the word CLI
- Made Midnight Commander its own script
- Updated all app scripts with a new function for reinstalling
- Renamed the talk-signaling script to talk and deleted the old talk script
- Use start_if_stopped everywhere it fits
- Updatenotification: added an advice for Major Nextcloud updates
- Improved previewgenerator
- Fixed problems with static-ip
- Added Docker migrate script
- Fixed and issue with ClamAV
- Added more options to the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) and made some enhancements
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/20.0.0..20.0.1
- https://nextcloud.com/changelog/#latest20
## 20.0.0
### Small changelog:
- Add SMTP email relay to be able to send emails directly from the OS (Ubuntu)
- Make it possible to open ports with UPNP
- Update notify_admin_gui to cache all found admin users (tested with 500 users, and it's MUCH faster now)
- Disable hibernation (Ubuntu)
- Set archive.ubuntu.com as default Repo (Ubuntu)
- Standardize whiptails even more
- Improve fetch_lib
- Use fetch_lib in all scripts to prefer local library instead of hammering Github with requests in every script
- Update all Docker containers one by one when the update script is run due to compatibility issues with Bitwarden Password manager
- Improve the way passwords are set during the initial setup
- SMBmount: Introduce the option to customize the mount before adding as external storage to Nextcloud
- SMBmount: Add the option to utilize inotify to actively watch over externally changed files and folders
- Repository: cleanup by removing duplicate scripts and not-needed functions
- Repository: added the [not-supported folder](https://github.com/nextcloud/vm/tree/main/not-supported) with additional options like creating a SMB-server
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/19.0.3..20.0.0
- https://nextcloud.com/changelog/#latest20
## 19.0.3
### Small changelog:
- Standardize input_box flow
- Automatically rewrite Webmin to HTTPS
- Add default dark mode theme to Adminer
- Make Adminer work on HTTP/2
- Introduce fetch_lib and chain libaries - this is now the new way of fetching the libs
- Add more menu scripts
- Add more Yes/No boxes and fix occurrences where the text wasn't shown due to print_text_in_color
- Standardize Whiptails even more
- Change to TLS1.2 all over
- Make functions out of all special variables
- Create a new (smart) startup script with basic server settings
- Automatically get the main domain for all scripts with built in proxies
- Minor bugfixes and improvements
### Full changelog:
- https://github.com/nextcloud/vm/compare/19.0.2..19.0.3
- https://nextcloud.com/changelog/#latest19
### Known errors:
- N/A
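
Review bot: the per-release "Small changelog" sections are the only in-tree record of security-relevant changes (for example "Update Fail2ban with a better regex" under 24.0.5, "Add SSH hardening" under 21.0.1 and "Switched to TLS1.3 for new website-configurations on Ubuntu 20.04" under 20.0.1), and the "Full changelog" links beside them point only to compare views. Before dropping the file, confirm that the releases page linked under "All future releases" carries the same entries, and say so in the commit message, which currently gives no reason for the removal.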


@ -1,53 +0,0 @@
//create folders
mkdir nc && cd nc
mkdir db
mkdir config
//if you are running postgresql < v13, upgrade the cluster to v13
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get -y install postgresql-13
sudo pg_dropcluster 13 main --stop
sudo pg_upgradecluster -m upgrade 12 main
//copy db files
cp -r /var/lib/postgresql/13/main db
cp /etc/postgresql/13/main/pg_hba.conf db
cp /etc/postgresql/13/main/pg_ident.conf db
cp /etc/postgresql/13/main/postgresql.conf db
//patch postgres config file
patch db/postgresql.conf postgres.patch
//add authorization to pg-hba.conf file
echo "host all all all md5" >> db/pg_hba.conf
//copy nc config
cp -R /var/www/nextcloud/config/* config
/*copy configuration data in thes files:
nextcloud_admin_password.txt # put admin password to this file
nextcloud_admin_user.txt # put admin username to this file
postgres_db.txt # put postgresql db name to this file
postgres_password.txt # put postgresql password to this file
postgres_user.txt # put postgresql username to this file
*/
//patch nc config
patch config/config.php config.patch
//change config directory ownership if not already the case (tofind out the needed id: docker exec -it nc id www-data)
chown -R www-data:www-data *
docker-compose up -d
// /usr/bin/sed -i "/);/i 'installed' => true" /var/www/html/config/config.php
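
Review bot: the step `echo "host all all all md5" >> db/pg_hba.conf` admits every client address for all databases and users with md5 password authentication, and the key import above it pipes into `apt-key add` for a repository line written with `http://`, which the changelog removed in this same commit lists as deprecated in 24.0.1. Deleting the instructions does not change hosts that already followed them, so the commit message or release notes should tell those users to narrow the `pg_hba.conf` entry to the container network and to re-add the PostgreSQL key without `apt-key`.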


@ -1,39 +0,0 @@
version: '3.2'
volumes:
nextcloud:
db:
services:
db:
image: postgres
container_name: db
restart: always
volumes:
- ./db:/var/lib/postgresql/data
environment:
- POSTGRES_DB_FILE=/run/secrets/postgres_db
- POSTGRES_USER_FILE=/run/secrets/postgres_user
- POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
secrets:
- postgres_db
- postgres_password
- postgres_user
app:
image: nextcloud
container_name: nc
restart: always
ports:
- ${NC_PORT}:80
volumes:
- ./config:/var/www/html/config:rw
- ${NC_DATADIR}:/var/www/html/data
environment:
- POSTGRES_HOST=db
- POSTGRES_DB_FILE=${POSTGRES_DB}
- POSTGRES_USER_FILE=${POSTGRES_USER}
- POSTGRES_PASSWORD_FILE=${POSTGRES_PASSWORD}
- NEXTCLOUD_ADMIN_PASSWORD_FILE=${NEXTCLOUD_ADMIN_PASSWORD}
- NEXTCLOUD_ADMIN_USER_FILE=${NEXTCLOUD_ADMIN_USER}
depends_on:
- db
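
Review bot: in the `db` service the `secrets:` list names `postgres_db`, `postgres_password` and `postgres_user`, but the visible lines contain no top-level `secrets:` section defining them, and the `app` service passes `${POSTGRES_DB}`, `${POSTGRES_PASSWORD}` and the admin values into `*_FILE` variables, which take a file path, while `migrate.sh` writes the plain values into `.env`. `image: postgres` is also unpinned although `migrate.sh` prepares a version 13 data directory (`PSQLVERSION_DOCKER=13`). If this compose file is kept anywhere after the removal, define the secrets, point the `*_FILE` variables at them and pin the image to 13.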


@ -1,181 +0,0 @@
#!/bin/bash
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
if [ $# -eq 0 ]
then
echo "No arguments supplied"
exit 0
elif [ $# -lt 4 ]; then
echo "Wrong number of arguments supplied"
exit 0
fi
echo "Using folder $1, and Nextcloud User $2"
DIR="$1"
NC_USER=$2
NC_PWD=$3
NC_PORT=$4
POSTGRESPATH="/etc/postgresql"
PSQLVERSION_DOCKER=13
CFG_VARS=("dbname" "dbpassword" "dbuser")
CFG_NAMES=("POSTGRES_DB" "POSTGRES_PASSWORD" "POSTGRES_USER")
CFG_NAMES_EXT=("NEXTCLOUD_ADMIN_USER" "NEXTCLOUD_ADMIN_PASSWORD")
NC_CFG_PATH="config/config.php"
PG_CFG_PATH="db/postgresql.conf"
PG_COMMENT_OUT=("data_directory" "hba_file" "ident_file" "external_pid_file" "port" "ssl" "ssl_cert_file" "ssl_key_file" "log_line_prefix" "cluster_name" "stats_temp_directory" "include_dir")
if [ -d "$POSTGRESPATH" ]
then
mapfile -t test < <(find /usr -wholename '*/bin/postgres' |grep -Eo "[0-9][0-9]")
PSQLVERSION=0
for v in "${test[@]}"; do
if (( v > PSQLVERSION )); then PSQLVERSION=$v; fi;
done
echo "Postgresql installation Version $PSQLVERSION found"
else
echo "No postgresql installation found"
exit 0
fi
PG_CFG="/etc/postgresql/$PSQLVERSION/main"
PG_DATA="/var/lib/postgresql/$PSQLVERSION/main"
if (( PSQLVERSION < PSQLVERSION_DOCKER )); then
echo "Migrating database from version $PSQLVERSION to version $PSQLVERSION_DOCKER"
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
echo "Adding postgresql 13 repo and installing"
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
apt-get update
apt-get -y install postgresql-$PSQLVERSION_DOCKER -y
echo "Stopping Version $PSQLVERSION_DOCKER cluster"
pg_dropcluster 13 main --stop
echo "Migrating old cluster"
{
pg_upgradecluster -m upgrade "$PSQLVERSION" main
} ||
{
# could also check postgresql owner
#USER=$(stat -c '%U' "/etc/postgresql/12/main")
#echo $USER
#USER=$(stat -c '%U' "/var/lib/postgresql/12/main")
#echo $USER
chown -R postgres:postgres "$PG_CFG"
chown -R postgres:postgres "$PG_DATA"
pg_upgradecluster -m upgrade "$PSQLVERSION" main
}
fi
echo "making new folders"
mkdir "$DIR"
echo "Copying docker-compose file"
cp docker-compose.yml "$DIR"
cd "$DIR" || exit 0
mkdir db
mkdir config
echo "Copying database files"
cp -R /var/lib/postgresql/13/main db
cp /etc/postgresql/13/main/pg_hba.conf db
cp /etc/postgresql/13/main/pg_ident.conf db
cp /etc/postgresql/13/main/postgresql.conf db
echo "copying Nextcloud config file"
cp -R /var/www/nextcloud/config/* config
echo "Creating .env file"
for var in "${CFG_VARS[@]}"
do
file=$(grep "$var" < config/config.php)
IFS=" " read -r -a line <<< "$(grep "[\"'][^\"']*[\"']" <<< "$file")"
value=$(echo "${line[2]}"| sed -r "s/[\"',-]//gi")
echo "${CFG_NAMES[INDEX]}=$value saved in .env file"
echo "${CFG_NAMES[INDEX]}=$value" >> ".env"
((INDEX=INDEX+1))
done
{
echo "${CFG_NAMES_EXT[0]}=$NC_USER"
echo "${CFG_NAMES_EXT[1]}=$NC_PWD"
}>> ".env"
echo "NC_PORT=${NC_PORT}" >> ".env"
file=$(grep datadirectory < config/config.php)
IFS=" " read -r -a line <<< "$(grep "[\"'][^\"']*[\"']" <<< "$file")"
ORG_DATADIR=$(echo "${line[2]}"| sed -r "s/[\"',-]//gi")
echo "NC_DATADIR=${ORG_DATADIR}" >> ".env"
echo "Patching Nextcloud configuration file"
sed -i '/memcache.distributed/s/^/#/g' $NC_CFG_PATH
sed -i '/memcache.locking/s/^/#/g' $NC_CFG_PATH
start=$(sed -n '/redis/=' $NC_CFG_PATH| head -1)
mapfile -t ends < <(sed -n '/),/=' $NC_CFG_PATH )
for e in "${ends[@]}"
do
if [ "$e" -gt "$start" ]; then
end=$e
break
fi
done
sed -i "$start,$end s/^/#/" $NC_CFG_PATH
start=$(sed -n '/dbhost/=' $NC_CFG_PATH)
sed -i "$start s/.*/ 'dbhost' => 'db',/" $NC_CFG_PATH
start=$(sed -n '/datadirectory/=' $NC_CFG_PATH)
sed -i "$start s/.*/ 'datadirectory' => '\/var\/www\/html\/data',/" $NC_CFG_PATH
echo "Patching Postgresql configuration file"
for cmt in "${PG_COMMENT_OUT[@]}"
do
sed -i "/$cmt/s/^/#/g" $PG_CFG_PATH
done
start=$(sed -n '/listen_addresses/=' $PG_CFG_PATH)
sed -i "$start s/.*/listen_addresses = '*'/" $PG_CFG_PATH
echo "Patching Postgresql HBA file"
echo "host all all all md5" >> db/pg_hba.conf
chown -R www-data:docker ./*
echo "Disabling postgresql"
systemctl disable postgresql
systemctl stop postgresql
echo "Finished"
echo "Change the 'trusted_domains' section in the config/config.php file to match your needs"
echo "Run 'docker-compose up -d' to start the Nextcloud docker container"
echo "You may have to adjust the ownership of config and db folders"
echo "Consider changing your Apache configuration"
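
Review bot: `NC_PWD=$3` takes the admin password from the command line, and the script appends it, together with `dbpassword` read from `config/config.php`, to `.env` without setting a file mode; the later `chown -R www-data:docker ./*` does not match `.env` either. The error paths (wrong argument count, "No postgresql installation found", `cd "$DIR" || exit 0`) also return `exit 0`, so a caller cannot tell a failed migration from a finished one. Both are worth recording in the commit message as grounds for the removal, along with advice to users who ran the script to `chmod 600` the generated `.env`.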


@ -1,25 +0,0 @@
This repo is intended to help migrate an existing Nextcloud VM installation to a Docker container.
The Docker container will use the existing Postgresql Database (and it may update it) and the existing datadir.
# WARNING
This subfolder, and the migration tool have not been tested by the main maintainers of this repo. We put this here solely for inspiration, and you're on your own if something fails. We would still appreciate if you told us what went wrong though, by creating an issue.
How to use:
1. clone git
2. cd nc_migration
3. chmod +x migrate.sh
4. sudo ./migrate.sh destinationdir nc_username nc_password nc_port
5. change the trusted_domainssection in the config/config.php file to you needs
6. run it: 'docker-compose up-d'
Explanation of the bash script arguments:
- destinationdir = the folder containing all the files needed to run the Docker container
- nc_user = the Nextcloud administrator user
- nc_password = password for this user
- nc_port = port exposed by the container
TBD:
1. Implement SSL
2. Change bash script to include 'help' section and to be more versatile
3. Add redis


@ -1,626 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# GNU General Public License v3.0
# https://github.com/nextcloud/vm/blob/main/LICENSE
#########
IRed='\e[0;91m' # Red
IGreen='\e[0;92m' # Green
ICyan='\e[0;96m' # Cyan
Color_Off='\e[0m' # Text Reset
print_text_in_color() {
printf "%b%s%b\n" "$1" "$2" "$Color_Off"
}
print_text_in_color "$ICyan" "Fetching all the variables from lib.sh..."
is_process_running() {
PROCESS="$1"
while :
do
RESULT=$(pgrep "${PROCESS}")
if [ "${RESULT:-null}" = null ]; then
break
else
print_text_in_color "$ICyan" "${PROCESS} is running, waiting for it to stop..."
sleep 10
fi
done
}
#########
# Check if dpkg or apt is running
is_process_running apt
is_process_running dpkg
true
SCRIPT_NAME="Nextcloud Startup Script"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Get all needed variables from the library
ncdb
# Check if root
root_check
# Create a snapshot before modifying anything
check_free_space
if does_snapshot_exist "NcVM-installation" || [ "$FREE_SPACE" -ge 50 ]
then
if does_snapshot_exist "NcVM-installation"
then
check_command lvremove /dev/ubuntu-vg/NcVM-installation -y
fi
if ! lvcreate --size 5G --snapshot --name "NcVM-startup" /dev/ubuntu-vg/ubuntu-lv
then
msg_box "The creation of a snapshot failed.
If you just merged and old one, please reboot your server once more.
It should work afterwards again."
exit 1
fi
fi
# Check network
if network_ok
then
print_text_in_color "$IGreen" "Online!"
else
print_text_in_color "$ICyan" "Setting correct interface..."
[ -z "$IFACE" ] && IFACE=$(lshw -c network | grep "logical name" | awk '{print $3; exit}')
# Set correct interface
cat <<-SETDHCP > "/etc/netplan/01-netcfg.yaml"
network:
version: 2
renderer: networkd
ethernets:
$IFACE:
dhcp4: true
dhcp6: true
SETDHCP
check_command netplan apply
print_text_in_color "$ICyan" "Checking connection..."
sleep 1
set_systemd_resolved_dns "$IFACE"
if ! nslookup github.com
then
msg_box "The script failed to get an address from DHCP.
You must have a working network connection to run this script.
You will now be provided with the option to set a static IP manually instead."
# Run static_ip script
bash /var/scripts/static_ip.sh
fi
fi
# Check network again
if network_ok
then
print_text_in_color "$IGreen" "Online!"
elif home_sme_server
then
msg_box "It seems like the last try failed as well using LAN ethernet.
Since the Home/SME server is equipped with a Wi-Fi module, you will now be asked to enable it to get connectivity.
Please note: It's not recommended to run a server on Wi-Fi; using an ethernet cable is always the best."
if yesno_box_yes "Do you want to enable Wi-Fi on this server?"
then
install_if_not network-manager
nmtui
fi
if network_ok
then
print_text_in_color "$IGreen" "Online!"
else
msg_box "Network is NOT OK. You must have a working network connection to run this script.
Please contact us for support:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/
Please also post this issue on: https://github.com/nextcloud/vm/issues"
exit 1
fi
else
msg_box "Network is NOT OK. You must have a working network connection to run this script.
Please contact us for support:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/
Please also post this issue on: https://github.com/nextcloud/vm/issues"
exit 1
fi
# Check that this run on the PostgreSQL VM
if ! is_this_installed postgresql-common
then
print_text_in_color "$IRed" "This script is intended to be \
run using a PostgreSQL database, but PostgreSQL is not installed."
print_text_in_color "$IRed" "Aborting..."
exit 1
fi
# Run the startup menu
run_script MENU startup_configuration
true
SCRIPT_NAME="Nextcloud Startup Script"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Get all needed variables from the library
ncdb
nc_update
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Nextcloud 21 is required
lowest_compatible_nc 21
# Add temporary fix if needed
if network_ok
then
run_script STATIC temporary-fix-beginning
fi
# Import if missing and export again to import it with UUID
zpool_import_if_missing
# Set phone region (needs the latest KEYBOARD_LAYOUT from lib)
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
if [ -n "$KEYBOARD_LAYOUT" ]
then
nextcloud_occ config:system:set default_phone_region --value="$KEYBOARD_LAYOUT"
fi
# Is this run as a pure root user?
if is_root
then
if [[ "$UNIXUSER" == "ncadmin" ]]
then
sleep 1
else
if [ -z "$UNIXUSER" ]
then
msg_box "You seem to be running this as the root user.
You must run this as a regular user with sudo permissions.
Please create a user with sudo permissions and the run this command:
sudo -u [user-with-sudo-permissions] sudo bash /var/scripts/nextcloud-startup-script.sh
We will do this for you when you hit OK."
download_script STATIC adduser
bash $SCRIPTS/adduser.sh "$SCRIPTS/nextcloud-startup-script.sh"
rm $SCRIPTS/adduser.sh
else
msg_box "You probably see this message if the user 'ncadmin' does not exist on the system,
which could be the case if you are running directly from the scripts on Github and not the VM.
As long as the user you created have sudo permissions it's safe to continue.
This would be the case if you created a new user with the script in the previous step.
If the user you are running this script with is a user that doesn't have sudo permissions,
please abort this script and report this issue to $ISSUES."
if yesno_box_yes "Do you want to abort this script?"
then
exit
fi
fi
fi
fi
######## The first setup is OK to run to this point several times, but not any further ########
if [ -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times" ]
then
msg_box "The $SCRIPT_NAME script that handles this first setup \
is designed to be run once, not several times in a row.
If you feel uncertain about adding some extra features during this setup, \
then it's best to wait until after the first setup is done. You can always add all the extra features later.
[For the Nextcloud VM:]
Please delete this VM from your host and reimport it once again, then run this setup like you did the first time.
[For the Nextcloud Home/SME Server:]
It's a bit trickier since you can't revert in the same way as a VM. \
The best thing you can do now is to save all the output from the session you \
ran before this one + write down all the steps you took and send and email to:
github@hanssonit.se with the subject 'Issues with first setup', and we'll take it from there.
Full documentation can be found here: https://docs.hanssonit.se
Please report any bugs you find here: $ISSUES"
exit 1
fi
touch "$SCRIPTS/you-can-not-run-the-startup-script-several-times"
if home_sme_server
then
download_script STATIC nhss_index
mv $SCRIPTS/nhss_index.php $HTML/index.php && rm -f $HTML/html/index.html
chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php
else
download_script STATIC index
mv $SCRIPTS/index.php $HTML/index.php && rm -f $HTML/html/index.html
chmod 750 $HTML/index.php && chown www-data:www-data $HTML/index.php
fi
# Change 000-default to $WEB_ROOT
sed -i "s|DocumentRoot /var/www/html|DocumentRoot $HTML|g" /etc/apache2/sites-available/000-default.conf
# Make possible to see the welcome screen (without this php-fpm won't reach it)
sed -i '14i\ # http://lost.l-w.ca/0x05/apache-mod_proxy_fcgi-and-php-fpm/' /etc/apache2/sites-available/000-default.conf
sed -i '15i\ <FilesMatch "\.php$">' /etc/apache2/sites-available/000-default.conf
sed -i '16i\ <If "-f %{SCRIPT_FILENAME}">' /etc/apache2/sites-available/000-default.conf
sed -i '17i\ SetHandler "proxy:unix:/run/php/php'$PHPVER'-fpm.nextcloud.sock|fcgi://localhost"' /etc/apache2/sites-available/000-default.conf
sed -i '18i\ </If>' /etc/apache2/sites-available/000-default.conf
sed -i '19i\ </FilesMatch>' /etc/apache2/sites-available/000-default.conf
sed -i '20i\ ' /etc/apache2/sites-available/000-default.conf
# Allow $UNIXUSER to run figlet script
chown "$UNIXUSER":"$UNIXUSER" "$SCRIPTS/nextcloud.sh"
msg_box "This script will configure your Nextcloud and activate TLS.
It will also do the following:
- Generate new SSH keys for the server
- Generate new PostgreSQL password
- Install selected apps and automatically configure them
- Detect and set hostname
- Detect and set trusted domains
- Upgrade your system and Nextcloud to latest version
- Set secure permissions to Nextcloud
- Set new passwords to Linux and Nextcloud
- Change timezone
- Set correct Rewriterules for Nextcloud
- Copy content from .htaccess to .user.ini (because we use php-fpm)
- Add additional options if you choose them
- Set correct CPU cores for Imaginary
- And more..."
msg_box "PLEASE NOTE:
[#] Please finish the whole setup. The server will reboot once done.
[#] Please read the on-screen instructions carefully, they will guide you through the setup.
[#] When complete it will delete all the *.sh, *.html, *.tar, *.zip inside:
/root
/home/$UNIXUSER
[#] Please consider donating if you like the product:
https://shop.hanssonit.se/product-category/donate/
[#] You can also ask for help here:
https://help.nextcloud.com/c/support/appliances-docker-snappy-vm
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
msg_box "PLEASE NOTE:
The first setup is meant to be run once, and not aborted.
If you feel uncertain about the options during the setup, just choose the defaults by hitting [ENTER] at each question.
When the setup is done, the server will automatically reboot.
Please report any issues to: $ISSUES"
# Change timezone in PHP
sed -i "s|;date.timezone.*|date.timezone = $(cat /etc/timezone)|g" "$PHP_INI"
# Change timezone for logging
nextcloud_occ config:system:set logtimezone --value="$(cat /etc/timezone)"
# Pretty URLs
print_text_in_color "$ICyan" "Setting RewriteBase to \"/\" in config.php..."
chown -R www-data:www-data $NCPATH
nextcloud_occ config:system:set overwrite.cli.url --value="http://localhost/"
nextcloud_occ config:system:set htaccess.RewriteBase --value="/"
nextcloud_occ maintenance:update:htaccess
bash $SECURE & spinner_loading
# Generate new SSH Keys
printf "\nGenerating new SSH keys for the server...\n"
rm -v /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
# Generate new PostgreSQL password
print_text_in_color "$ICyan" "Generating new PostgreSQL password..."
check_command bash "$SCRIPTS/change_db_pass.sh"
sleep 3
# Server configurations
bash $SCRIPTS/server_configuration.sh
# Nextcloud configuration
bash $SCRIPTS/nextcloud_configuration.sh
# Install apps
bash $SCRIPTS/additional_apps.sh
### Change passwords
# CLI USER
UNIXUSER="$(getent group sudo | cut -d: -f4 | cut -d, -f1)"
if [[ "$UNIXUSER" != "ncadmin" ]]
then
print_text_in_color "$ICyan" "No need to change password for CLI user '$UNIXUSER' since it's not the default user."
else
msg_box "For better security, we will now change the password for the CLI user in Ubuntu."
while :
do
UNIX_PASSWORD=$(input_box_flow "Please type in the new password for the current CLI user in Ubuntu: $UNIXUSER.")
if [[ "$UNIX_PASSWORD" == *" "* ]]
then
msg_box "Please don't use spaces."
else
break
fi
done
if check_command echo "$UNIXUSER:$UNIX_PASSWORD" | sudo chpasswd
then
msg_box "The new password for the current CLI user in Ubuntu ($UNIXUSER) is now set to: $UNIX_PASSWORD
This is used when you login to the Ubuntu CLI."
fi
fi
unset UNIX_PASSWORD
# NEXTCLOUD USER
NCADMIN=$(nextcloud_occ user:list | awk '{print $3}')
if [[ "$NCADMIN" != "ncadmin" ]]
then
print_text_in_color "$ICyan" "No need to change password for GUI user '$NCADMIN' since it's not the default user."
else
msg_box "We will now change the username and password for the Web Admin in Nextcloud."
while :
do
NEWUSER=$(input_box_flow "Please type in the name of the Web Admin in Nextcloud.
It must differ from the current one: $NCADMIN.\n\nThe only allowed characters for the username are:
'a-z', 'A-Z', '0-9', and '_.@-'")
if [[ "$NEWUSER" == *" "* ]]
then
msg_box "Please don't use spaces."
elif [ "$NEWUSER" = "$NCADMIN" ]
then
msg_box "This username ($NCADMIN) is already in use. Please choose a different one."
# - has to be escaped otherwise it won't work.
# Inspired by: https://unix.stackexchange.com/a/498731/433213
elif [ "${NEWUSER//[A-Za-z0-9_.\-@]}" ]
then
msg_box "Allowed characters for the username are:\na-z', 'A-Z', '0-9', and '_.@-'\n\nPlease try again."
else
break
fi
done
while :
do
OC_PASS=$(input_box_flow "Please type in the new password for the new Web Admin ($NEWUSER) in Nextcloud.")
# Create new user
export OC_PASS
if su -s /bin/sh www-data -c "php $NCPATH/occ user:add $NEWUSER --password-from-env -g admin"
then
msg_box "The new Web Admin in Nextcloud is now: $NEWUSER\nThe password is set to: $OC_PASS
This is used when you login to Nextcloud itself, i.e. on the web."
unset OC_PASS
break
else
any_key "Press any key to choose a different password."
fi
done
# Delete old user
if [[ "$NCADMIN" ]]
then
print_text_in_color "$ICyan" "Deleting $NCADMIN..."
nextcloud_occ user:delete "$NCADMIN"
sleep 2
fi
fi
# We need to unset the cached admin-user since we have changed its name
unset NC_ADMIN_USER
msg_box "Well done, you have now finished most of the setup.
There are still a few steps left but they are automated so sit back and relax! :)"
# Add default notifications
notify_admin_gui \
"Do you need support?" \
"If you need support, please visit the shop: https://shop.hanssonit.se, or the forum: https://help.nextcloud.com."
if ! is_this_installed php"$PHPVER"-imagick
then
notify_admin_gui \
"Regarding Imagick not being installed" \
"As you may have noticed, Imagick is not installed. We care about your security, \
and here's the reason: https://github.com/nextcloud/server/issues/13099"
fi
# Fixes https://github.com/nextcloud/vm/issues/58
a2dismod status
restart_webserver
if home_sme_server
then
install_if_not bc
mem_available="$(awk '/MemTotal/{print $2}' /proc/meminfo)"
mem_available_gb="$(echo "scale=0; $mem_available/(1024*1024)" | bc)"
# 32 GB RAM
if [[ 30 -lt "${mem_available_gb}" ]]
then
# Add specific values to PHP-FPM based on 32 GB RAM
check_command sed -i "s|pm.max_children.*|pm.max_children = 600|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.start_servers.*|pm.start_servers = 100|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 20|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 480|g" "$PHP_POOL_DIR"/nextcloud.conf
restart_webserver
# 16 GB RAM
elif [[ 14 -lt "${mem_available_gb}" ]]
then
# Add specific values to PHP-FPM based on 16 GB RAM
check_command sed -i "s|pm.max_children.*|pm.max_children = 300|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.start_servers.*|pm.start_servers = 50|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.min_spare_servers.*|pm.min_spare_servers = 20|g" "$PHP_POOL_DIR"/nextcloud.conf
check_command sed -i "s|pm.max_spare_servers.*|pm.max_spare_servers = 280|g" "$PHP_POOL_DIR"/nextcloud.conf
restart_webserver
fi
else
# Calculate the values of PHP-FPM based on the amount of RAM available (minimum 2 GB or 8 children)
calculate_php_fpm
# Run again if values are reset on last run
calculate_php_fpm
fi
# Set correct amount of CPUs for Imaginary
if does_this_docker_exist nextcloud/aio-imaginary
then
if which nproc >/dev/null 2>&1
then
nextcloud_occ config:system:set preview_concurrency_new --value="$(nproc)"
nextcloud_occ config:system:set preview_concurrency_all --value="$(($(nproc)*2))"
else
nextcloud_occ config:system:set preview_concurrency_new --value="2"
nextcloud_occ config:system:set preview_concurrency_all --value="4"
fi
fi
# Add temporary fix if needed
if network_ok
then
run_script STATIC temporary-fix-end
fi
# Cleanup 1
nextcloud_occ maintenance:repair
rm -f "$SCRIPTS/ip.sh"
rm -f "$SCRIPTS/change_db_pass.sh"
rm -f "$SCRIPTS/instruction.sh"
rm -f "$NCDATA/nextcloud.log"
rm -f "$SCRIPTS/static_ip.sh"
rm -f "$SCRIPTS/lib.sh"
rm -f "$SCRIPTS/server_configuration.sh"
rm -f "$SCRIPTS/nextcloud_configuration.sh"
rm -f "$SCRIPTS/additional_apps.sh"
rm -f "$SCRIPTS/adduser.sh"
rm -f "$SCRIPTS/activate-tls.sh"
rm -f "$SCRIPTS/desec_menu.sh"
rm -f "$NCDATA"/*.log
find /root "/home/$UNIXUSER" -type f \( -name '*.sh*' -o -name '*.html*' -o -name '*.tar*' -o -name 'results' -o -name '*.zip*' \) -delete
find "$NCPATH" -type f \( -name 'results' -o -name '*.sh*' \) -delete
sed -i "s|instruction.sh|nextcloud.sh|g" "/home/$UNIXUSER/.bash_profile"
truncate -s 0 \
/root/.bash_history \
"/home/$UNIXUSER/.bash_history" \
/var/spool/mail/root \
"/var/spool/mail/$UNIXUSER" \
/var/log/apache2/access.log \
/var/log/apache2/error.log \
"$VMLOGS/nextcloud.log"
sed -i "s|sudo -i||g" "$UNIXUSER_PROFILE"
cat << ROOTNEWPROFILE > "$ROOT_PROFILE"
# ~/.profile: executed by Bourne-compatible login shells.
if [ "/bin/bash" ]
then
if [ -f ~/.bashrc ]
then
. ~/.bashrc
fi
fi
if [ -x /var/scripts/nextcloud-startup-script.sh ]
then
/var/scripts/nextcloud-startup-script.sh
fi
if [ -x /var/scripts/history.sh ]
then
/var/scripts/history.sh
fi
mesg n
ROOTNEWPROFILE
# Set trusted domains
run_script STATIC trusted_domains
# Upgrade system
print_text_in_color "$ICyan" "System will now upgrade..."
bash $SCRIPTS/update.sh minor
# Check if new major is out, and inform on how to update
nc_update
if version_gt "$NCMAJOR" "$CURRENTMAJOR"
then
msg_box "We noticed that there's a new major release of Nextcloud ($NCVERSION).\nIf you want to update to the latest release instantly, please check this:\n
https://docs.hanssonit.se/s/W6fMouPiqQz3_Mog/virtual-machines-vm/d/W7Du9uPiqQz3_Mr1/nextcloud-vm-machine-configuration?currentPageId=W7D3quPiqQz3_MsE"
fi
# Cleanup 2
apt-get autoremove -y
apt-get autoclean
# Remove preference for IPv4
rm -f /etc/apt/apt.conf.d/99force-ipv4
apt-get update
# Success!
msg_box "The installation process is *almost* done.
Please hit OK in all the following prompts and let the server reboot to complete the installation process."
# Enterprise?
msg_box "ENTERPRISE?
Nextcloud Enterprise gives professional organizations software optimized and tested for mission critical environments.
More info here: https://nextcloud.com/enterprise/
Get your license here: https://shop.hanssonit.se/product/nextcloud-enterprise-license-100-users/"
msg_box "TIPS & TRICKS:
1. Publish your server online: http://shortio.hanssonit.se/ffOQOXS6Kh
2. To login to PostgreSQL just type: sudo -u postgres psql nextcloud_db
3. To update this server just type: sudo bash /var/scripts/update.sh
4. Install apps, configure Nextcloud, and server: sudo bash $SCRIPTS/menu.sh"
msg_box "SUPPORT:
Please ask for help in the forums, visit our shop to buy support:
- SUPPORT: https://shop.hanssonit.se/product/premium-support-per-30-minutes/
- FORUM: https://help.nextcloud.com/
BUGS:
Please report any bugs here: https://github.com/nextcloud/vm/issues"
msg_box "### PLEASE HIT OK TO REBOOT ###
Congratulations! You have successfully installed Nextcloud!
LOGIN:
Login to Nextcloud in your browser:
- IP: $ADDRESS
- Hostname: $(hostname -f)
### PLEASE HIT OK TO REBOOT ###"
# Reboot
print_text_in_color "$IGreen" "Installation done, system will now reboot..."
check_command rm -f "$SCRIPTS/you-can-not-run-the-startup-script-several-times"
check_command rm -f "$SCRIPTS/nextcloud-startup-script.sh"
if ! reboot
then
shutdown -r now
fi
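Review bot: in the "Cleanup 1" block, `find /root "/home/$UNIXUSER" -type f \( ... \) -delete` runs with a `UNIXUSER` that was reassigned earlier from `getent group sudo | cut -d: -f4 | cut -d, -f1`. If the sudo group has no members, that path expands to `/home/` and the delete sweeps `*.sh*`, `*.html*`, `*.tar*` and `*.zip*` files out of every home directory, and the following `truncate` and `sed -i` calls hit malformed paths. Wherever this first-run logic is kept after the removal, test `[ -n "$UNIXUSER" ]` before the cleanup. Two smaller points in the same file: both password dialogs echo the new secret back in a `msg_box` ("is now set to: $UNIX_PASSWORD", "The password is set to: $OC_PASS"), and `bash $SCRIPTS/adduser.sh`, `rm $SCRIPTS/adduser.sh` and `chown -R www-data:www-data $NCPATH` leave their variables unquoted while neighbouring lines quote them.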

File diff suppressed because it is too large

View File

@ -1,15 +0,0 @@
# What is this subfolder about?
This subdirectory of the Nextcloud VM contains scripts that probably *never* will get merged into the released version, but we keep them here so that users can test, and enjoy the befnefits of having an easy way set up the different software offered in this sub-folder. Freedom of choice basically.
## Can I help?
Yes, of course! :)<br>
Although mostof the scripts might not be 100% ready, we would love to hear your feedback anyway.
Feedback is especially welcome, if you would like to add some features that these scripts bring in the released version of the NcVM.<br>
So, please report back! 🚀
## How to run this inside my NcVM?
We have prepared a menu for you to choose from available options. You can download the menu with the following command:<br>
`sudo wget https://raw.githubusercontent.com/nextcloud/vm/main/not-supported/not-supported.sh -P /var/scripts`<br>
After downloading the menu, you just run it with the following command:<br>
`sudo bash /var/scripts/not-supported.sh`<br>
Running the not-supported script will show the menu with the latest options to choose from.
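Review bot: removing this README drops the only visible instructions for fetching `not-supported.sh`, and the `wget` line under "How to run this inside my NcVM?" points at `main/not-supported/`, so anyone following a cached copy pulls whatever is, or is no longer, at that path after this commit. The commit should say whether the folder moves or is gone. If the instruction is kept anywhere, pin the URL to a tag or commit rather than `main`, since the downloaded file is run straight away with `sudo bash`.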

View File

@ -1,340 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Backup Viewer"
SCRIPT_EXPLAINER="This script shows the content of daily and/or off-shore backups."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh"
OFFSHORE_BACKUP_FILE="$SCRIPTS/off-shore-rsync-backup.sh"
# Ask for execution
msg_box "$SCRIPT_EXPLAINER"
if ! yesno_box_yes "Do you want to view the content of your backups?"
then
exit
fi
# Check if restore is possible
if ! [ -f "$DAILY_BACKUP_FILE" ]
then
msg_box "It seems like you haven't set up daily borg backups.
Please do that before you can view backups."
exit 1
fi
# Get needed variables
ENCRYPTION_KEY="$(grep "ENCRYPTION_KEY=" "$DAILY_BACKUP_FILE" | sed "s|.*ENCRYPTION_KEY=||;s|'||g;s|\"||g")"
DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')"
DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')"
if [ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ]
then
msg_box "Some daily backup variables are empty. This is wrong."
exit 1
fi
# Also get variables from the offshore backup file
if [ -f "$OFFSHORE_BACKUP_FILE" ]
then
OFFSHORE_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')"
OFFSHORE_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')"
if [ -z "$OFFSHORE_BACKUP_MOUNTPOINT" ] ||[ -z "$OFFSHORE_BACKUP_TARGET" ]
then
msg_box "Some off-shore backup variables are empty. This is wrong."
exit 1
fi
fi
# Check if pending snapshot is existing and cancel the viewing in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "The snapshot pending does exist. Can currently not show the backup.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
fi
# Check if startup snapshot is existing and cancel the viewing in this case.
if does_snapshot_exist "NcVM-startup"
then
msg_box "The snapshot startup does exist.
Please run the update script first."
exit 1
fi
# Check if snapshot can get renamed
if ! does_snapshot_exist "NcVM-snapshot"
then
msg_box "The NcVM-snapshot doesn't exist. This isn't allowed."
exit 1
fi
# Select your way of showing the backups
choice=$(whiptail --title "$TITLE" --menu \
"Which way do you prefer of showing your backups?
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Midnight Commander" "(Only for viewing your backups, no easy way to copy and move files)" \
"Webmin" "(Copy and move files via webpage but has bad mimetype support)" \
"Remotedesktop" "(Best way to copy and move files but needs xrdp to be installed)" 3>&1 1>&2 2>&3)
case "$choice" in
"Midnight Commander")
if ! is_this_installed mc
then
msg_box "It seems like Midnight Commander isn't installed, yet."
if yesno_box_yes "Do you want to install it now?"
then
run_script APP midnight-commander
else
exit 1
fi
if ! is_this_installed mc
then
msg_box "It seems like Midnight Commander stil isn't installed. Cannot proceed!"
exit 1
fi
fi
;;
"Webmin")
if ! is_this_installed webmin
then
msg_box "It seems like Webmin isn't installed, yet."
if yesno_box_yes "Do you want to install it now?"
then
run_script APP webmin
else
exit 1
fi
if ! is_this_installed webmin
then
msg_box "It seems like Webmin stil isn't installed. Cannot proceed!"
exit 1
fi
fi
;;
"Remotedesktop")
if ! is_this_installed xrdp
then
msg_box "It seems like Remotedesktop isn't installed, yet.
You need to install it on your server before you can use it.
To do that, you need to manually download and execute the following script on your server:
$NOT_SUPPORTED_FOLDER/remotedesktop.sh"
exit 1
fi
;;
"")
msg_box "No option chosen. Exiting!"
exit 1
;;
*)
;;
esac
# Safe the choice in a new variable
PROGRAM_CHOICE="$choice"
# View backup repository menu
args=(whiptail --title "$TITLE" --menu \
"Please select the backup repository that you want to view.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
print_text_in_color "$ICyan" "Looking for connected Backup drives. This can take a while..."
# Check if at least one drive is connected
DAILY=1
if ! [ -d "$DAILY_BACKUP_TARGET" ]
then
mount "$DAILY_BACKUP_MOUNTPOINT"
if ! [ -d "$DAILY_BACKUP_TARGET" ]
then
DAILY=""
fi
umount "$DAILY_BACKUP_MOUNTPOINT"
fi
if [ -f "$OFFSHORE_BACKUP_FILE" ]
then
OFFSHORE=1
if ! [ -d "$OFFSHORE_BACKUP_TARGET" ]
then
mount "$OFFSHORE_BACKUP_MOUNTPOINT"
if ! [ -d "$OFFSHORE_BACKUP_TARGET" ]
then
OFFSHORE=""
fi
fi
umount "$OFFSHORE_BACKUP_MOUNTPOINT"
fi
if [ -z "$DAILY" ] && [ -z "$OFFSHORE" ]
then
msg_box "Not even one backup drive is connected.
You must connect one if you want to view a backup."
exit 1
fi
# Get which one is connected
if [ -n "$DAILY" ]
then
args+=("$DAILY_BACKUP_TARGET" " Daily Backup Repository")
fi
if [ -n "$OFFSHORE" ]
then
args+=("$OFFSHORE_BACKUP_TARGET" " Off-Shore Backup Repository")
fi
# Show the menu
choice=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$choice" ]
then
msg_box "No target selected. Exiting."
exit 1
fi
# Check the mountpoint
if mountpoint -q /tmp/borg
then
umount /tmp/borg
if mountpoint -q /tmp/borg
then
msg_box "There is still something mounted on /tmp/borg. Cannot proceed."
exit 1
fi
fi
# Check if pending snapshot is existing a second time and cancel the viewing in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "The snapshot pending does exist. Can currently not show the backup.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
fi
# Rename the snapshot to represent that the backup is locked
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending
then
msg_box "Could not rename the snapshot. Please reboot your server!"
exit 1
fi
# Find out which one was mounted
if [ "$choice" = "$DAILY_BACKUP_TARGET" ]
then
BACKUP_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT"
elif [ "$choice" = "$OFFSHORE_BACKUP_TARGET" ]
then
BACKUP_MOUNTPOINT="$OFFSHORE_BACKUP_MOUNTPOINT"
# Work around issue with borg
# https://github.com/borgbackup/borg/issues/3428#issuecomment-380399036
mv /root/.config/borg/security/ /root/.config/borg/security.bak
mv /root/.cache/borg/ /root/.cache/borg.bak
fi
# Mount the drive
mount "$BACKUP_MOUNTPOINT"
# Break the borg lock if it exists because we have the snapshot that prevents such situations
if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ]
then
print_text_in_color "$ICyan" "Breaking the borg lock..."
borg break-lock "$BACKUP_TARGET_DIRECTORY"
fi
# Mount the repository
export BORG_PASSPHRASE="$ENCRYPTION_KEY"
mkdir -p /tmp/borg
borg mount "$choice" /tmp/borg
unset BORG_PASSPHRASE
unset ENCRYPTION_KEY
case "$PROGRAM_CHOICE" in
"Midnight Commander")
while :
do
msg_box "We will now open Midnight Commander so that you can view the content of your backup repository.\n
Please remember a few things for Midnight Commander:
1. You can simply navigate with the [ARROW] keys and [ENTER]
2. When you are done, please close Midnight Commander completely by pressing [F10]. \
Otherwise we will not be able to unmount the backup repository again and there will \
most likely be problems during the next regular backup."
if yesno_box_no "Do you remember all two points?"
then
break
fi
done
# Set the needed settings for mc
mkdir -p "/root/.config/mc"
cat << MC_INI > "/root/.config/mc/panels.ini"
[New Left Panel]
list_format=user
user_format=full name | mtime:15 | size:15 | owner:12 | group:12 | perm:12
MC_INI
# Show Midnight commander
mc /tmp/borg
# Revert panel settings to MC
echo "" > "/root/.config/mc/panels.ini"
;;
"Webmin")
msg_box "For showing your backups with Webmin, you should be able to access them by visiting in a Browser:
https://$ADDRESS:10000/filemin/index.cgi?path=/tmp/borg \n
If you haven't been logged in to Webmin, yet, you might need to log in first and open the link after you've done that.\n
After you are done, just press [ENTER] here to unmount the backup again."
;;
"Remotedesktop")
msg_box "For showing your backups with Remotedesktop, you need to connect to your server using an RDP client.
After you are connected, open a terminal in the session and execute the following command \
which should open the file manager with the correct location:\n
xhost +si:localuser:root && sudo nautilus /tmp/borg \n
After you are done, just press [ENTER] here to unmount the backup again."
;;
*)
;;
esac
# Restore original cache and security folder
if [ "$BACKUP_MOUNTPOINT" = "$OFFSHORE_BACKUP_MOUNTPOINT" ]
then
rm -r /root/.config/borg/security
mv /root/.config/borg/security.bak/ /root/.config/borg/security
rm -r /root/.cache/borg
mv /root/.cache/borg.bak/ /root/.cache/borg
fi
# Re-rename the snapshot to represent that it is done
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot
then
msg_box "Could not re-rename the snapshot. Please reboot your server!"
exit 1
fi
# Unmount borg backup
if ! umount /tmp/borg
then
msg_box "Could not unmount the backup archives."
fi
# Unmount the backup drive
sleep 1
if ! umount "$BACKUP_MOUNTPOINT"
then
msg_box "Could not unmount the backup drive."
exit 1
fi
# End message
msg_box "Just unmounted the backup repository and drive again."
# Adjust permissions
if [ -f "$SCRIPTS/adjust-startup-permissions.sh" ]
then
nohup bash "$SCRIPTS/adjust-startup-permissions.sh" &>/dev/null &
fi
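Review bot: the sanity check after "Get needed variables" tests `$DAILY_BACKUP_FILE` twice (`[ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ]`). That variable is a constant set a few lines earlier, so an empty `DAILY_BACKUP_MOUNTPOINT` or `DAILY_BACKUP_TARGET` passes and later reaches `mount "$DAILY_BACKUP_MOUNTPOINT"`; the second and third tests should be those two variables. The lock-breaking step has a related problem: it checks `$BACKUP_TARGET_DIRECTORY/lock.roster`, but this file never assigns `BACKUP_TARGET_DIRECTORY`, so unless the sourced library sets it the test looks at `/lock.roster` and `borg break-lock` never runs; `$choice` holds the selected repository. The two "Check if at least one drive is connected" blocks are also asymmetric: the daily `umount` sits inside the `if`, the off-shore one outside it, so an off-shore drive that was already mounted gets unmounted. If the script survives elsewhere, note too that the decrypted archive is mounted on the fixed path `/tmp/borg` created with `mkdir -p`, which any local user can pre-create; a root-owned directory outside `/tmp`, or one from `mktemp -d`, avoids that.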

View File

@ -1,196 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Bitlocker Mount"
SCRIPT_EXPLAINER="This script automates mounting Bitlocker encrypted drives locally in your system.
Currently supported are only Bitlocker encrypted NTFS (Windows) drives.
You need a password to mount the drive. Recovery keys are not supported."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show install_popup
if ! is_this_installed dislocker
then
# Ask for installing
install_popup "$SCRIPT_NAME"
fi
# Test if one drive is already mounted/created
if grep -q "/media/bitlocker/1" /etc/fstab || mountpoint -q /media/bitlocker/1
then
msg_box "This script currently only supports mounting one Bitlocker encrypted drive.
Please unmount the current one and remove it from /etc/fstab if you want to mount a different one.
The easiest way to do so is to run the following two commands:
sudo sed -i '/\/media\/bitlocker\/1/d' /etc/fstab
sudo reboot"
exit
fi
# Install needed packet
install_if_not dislocker
# Secure fstab
chown root:root /etc/fstab
chmod 600 /etc/fstab
# Connect Bitlocker drive
msg_box "Please connect your Bitlocker encrypted NTFS (Windows) drive now if you haven't already done this.
After you hit OK, we wil scan for Bitlocker drives."
print_text_in_color "$ICyan" "Please connect your Bitlocker encrypted drive now."
count=0
while [ "$count" -lt 60 ]
do
PARTUUID=$(lsblk -o FSTYPE,PARTUUID | grep BitLocker | awk '{print $2}' | head -1)
if [ -z "$PARTUUID" ]
then
print_text_in_color "$ICyan" "No Bitlocker drive found. Please connect your drive now."
sleep 5 & spinner_loading
echo ""
count=$((count+5))
else
break
fi
done
# Exit after 60 seconds
if [ "$count" -ge 60 ]
then
msg_box "No drive found within 60 seconds.
Please run this script again if you want to try again."
msg_box "We will now remove dislocker so that you keep a clean system."
apt-get purge dislocker -y
apt-get autoremove -y
exit
fi
# Inform the user
msg_box "A Bitlocker encrypted drive was found!
Please leave it connected. We will now continue with the mounting process."
# Enter the password
while :
do
PASSWORD=$(input_box_flow "Please enter your password for the Bitlocker encrypted drive now!
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$PASSWORD" = "exit" ]
then
msg_box "We will now remove dislocker so that you keep a clean system."
apt-get purge dislocker -y
apt-get autoremove -y
exit 1
fi
mkdir -p /media/bitlocker/1
echo "PARTUUID=$PARTUUID /media/bitlocker/1 fuse.dislocker \
user-password=$PASSWORD,nofail 0 0" >> /etc/fstab
if ! mount /media/bitlocker/1
then
msg_box "The password seems to be false. Please try again."
sed -i '/fuse.dislocker/d' /etc/fstab
else
break
fi
done
# Inform the user
msg_box "The password is correct."
# Enter the mountpoint
while :
do
MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the Bitlocker encrypted drive.
One example is: '/mnt/data'
The directory has to start with '/mnt/'
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$MOUNT_PATH" = "exit" ]
then
umount /media/bitlocker/1
sed -i '/fuse.dislocker/d' /etc/fstab
msg_box "We will now remove dislocker so that you keep a clean system."
apt-get purge dislocker -y
apt-get autoremove -y
exit 1
elif echo "$MOUNT_PATH" | grep -q " "
then
msg_box "Please don't use spaces!"
elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/"
then
msg_box "The directory has to stat with '/mnt/'"
elif grep -q " $MOUNT_PATH " /etc/fstab
then
msg_box "The mountpoint already exists in fstab. Please try a different one."
elif mountpoint -q "$MOUNT_PATH"
then
msg_box "The mountpoint is already mounted. Please try a different one."
elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata"
then
msg_box "The directory isn't allowed to start with '/mnt/ncdata'"
elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares"
then
msg_box "The directory isn't allowed to start with '/mnt/smbshares'"
else
echo "/media/bitlocker/1/dislocker-file $MOUNT_PATH ntfs-3g \
windows_names,uid=www-data,gid=www-data,umask=007,nofail 0 0" >> /etc/fstab
mkdir -p "$MOUNT_PATH"
if ! mount "$MOUNT_PATH"
then
msg_box "The mount wasn't successful. Please try again.
Most likely it fails because the Bitlocker encrypted drive is no NTFS (Windows) drive."
sed -i '/\/media\/bitlocker\/1\/dislocker-file /d' /etc/fstab
else
break
fi
fi
done
# Inform the user
msg_box "Congratulations! The mount was successful.
You can now access the Bitlocker drive here:
$MOUNT_PATH"
# Test if Plex is installed
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
# Reconfiguring Plex
msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive.
This can take a while. Please be patient!"
print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..."
docker pull assaflavie/runlike
echo '#/bin/bash' > /tmp/pms-conf
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf
if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf
then
MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}"
sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf
docker stop plex
if ! docker rm plex
then
msg_box "Something failed while removing the old container."
exit 1
fi
if ! bash /tmp/pms-conf
then
msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'"
exit 1
fi
rm /tmp/pms-conf
msg_box "Plex was adjusted!"
else
rm /tmp/pms-conf
msg_box "No need to update Plex, since the drive is already mounted to Plex."
fi
fi
exit
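Review bot: the fstab line built in the password loop stores the BitLocker password in clear text (`user-password=$PASSWORD,nofail`) and takes `$PASSWORD` unvalidated, so a password containing a comma, space or newline splits the option or field list and changes what ends up in `/etc/fstab`. The `chmod 600 /etc/fstab` above limits who can read the password but also makes fstab unreadable to non-root users, which the usual 644 mode allows. If this is kept anywhere, reject those characters before appending and state in `SCRIPT_EXPLAINER` that the password is persisted. In the Plex block, `/tmp/pms-conf` is a fixed name in `/tmp` that is written, edited with `sed` and then executed as root with `bash /tmp/pms-conf`, and its content comes from the untagged `assaflavie/runlike` image, which is handed the Docker socket; use `mktemp` for the file and pin the image. `echo '#/bin/bash'` is also missing the `!`, and `grep -q " $MOUNT_PATH " /etc/fstab` treats the path as a regular expression where `grep -qF` is meant.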

View File

@ -1,727 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
# shellcheck disable=2024
true
SCRIPT_NAME="Borg Backup"
SCRIPT_EXPLAINER="This script creates the Borg backup of your server."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
LVM_MOUNT="/system"
ZFS_MOUNT="/ncdata"
START_TIME=$(date +%s)
CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S")
CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S")
LOG_FILE="$VMLOGS/borgbackup-$CURRENT_DATE.log"
# This is needed for running via cron
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
# Functions
inform_user() {
echo -e "\n\n# $2"
print_text_in_color "$1" "$2"
}
start_services() {
inform_user "$ICyan" "Starting services..."
systemctl start postgresql
if [ -z "$MAINTENANCE_MODE_ON" ]
then
sudo -u www-data php "$NCPATH"/occ maintenance:mode --off
fi
start_if_stopped docker
# Restart notify push if existing
if [ -f "$NOTIFY_PUSH_SERVICE_PATH" ]
then
systemctl restart notify_push
fi
}
paste_log_file() {
cat "$LOG_FILE" >> "$BORGBACKUP_LOG"
echo -e "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" >> "$BORGBACKUP_LOG"
}
remove_log_file() {
rm "$LOG_FILE"
}
show_drive_usage() {
inform_user "$ICyan" "Showing drive usage..."
lsblk -o FSUSE%,SIZE,MOUNTPOINT,NAME | grep -v "loop[0-9]" | grep "%" | sed 's|`-||;s/|-//;s/ | //'
echo ""
df -h | grep -v "loop[0-9]" | grep -v "tmpfs" | grep -v "^udev" | grep -v "^overlay"
}
send_error_mail() {
if [ -n "$ZFS_PART_EXISTS" ]
then
if mountpoint -q "$ZFS_MOUNT"
then
umount "$ZFS_MOUNT"
fi
fi
if [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
if [ -z "$DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE" ]
then
inform_user "$ICyan" "Unmounting the backup drive..."
umount "$BACKUP_MOUNTPOINT"
fi
fi
get_expiration_time
MAIL_TITLE="$2"
if [ -z "$2" ]
then
MAIL_TITLE="Daily backup"
fi
inform_user "$IRed" "$MAIL_TITLE sent error on $END_DATE_READABLE ($DURATION_READABLE)"
inform_user "$IRed" "$MAIL_TITLE failed! $1"
if ! send_mail "$MAIL_TITLE failed! $1" "$(cat "$LOG_FILE")"
then
notify_admin_gui \
"$MAIL_TITLE failed! Though mail sending didn't work!" \
"Please look at the log file $LOG_FILE if you want to find out more."
paste_log_file
else
paste_log_file
remove_log_file
fi
exit 1
}
re_rename_snapshot() {
if mountpoint -q "$LVM_MOUNT"
then
umount "$LVM_MOUNT"
fi
inform_user "$ICyan" "Re-renaming the snapshot..."
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot
then
return 1
else
return 0
fi
}
get_expiration_time() {
END_TIME=$(date +%s)
END_DATE_READABLE=$(date --date @"$END_TIME" +"%d.%m.%Y - %H:%M:%S")
DURATION=$((END_TIME-START_TIME))
DURATION_SEC=$((DURATION % 60))
DURATION_MIN=$(((DURATION / 60) % 60))
DURATION_HOUR=$((DURATION / 3600))
DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC)
}
check_snapshot_pending() {
if does_snapshot_exist "NcVM-snapshot-pending"
then
DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1
msg_box "The snapshot pending does exist. Can currently not proceed.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
send_error_mail "NcVM-snapshot-pending exists. Please try again later!" "$1"
fi
}
# Secure the backup file
chown root:root "$SCRIPTS/daily-borg-backup.sh"
chmod 700 "$SCRIPTS/daily-borg-backup.sh"
# Skip daily backup creation if needed
if [ -z "$SKIP_DAILY_BACKUP_CREATION" ]
then
# Add automatical unlock upon reboot
crontab -u root -l | grep -v "lvrename /dev/ubuntu-vg/NcVM-snapshot-pending" | crontab -u root -
crontab -u root -l | { cat; echo "@reboot /usr/sbin/lvrename /dev/ubuntu-vg/NcVM-snapshot-pending \
/dev/ubuntu-vg/NcVM-snapshot &>/dev/null" ; } | crontab -u root -
# Write output to logfile.
exec > >(tee -i "$LOG_FILE")
exec 2>&1
# Check if dpkg or apt is running
is_process_running apt
is_process_running dpkg
# Start backup
inform_user "$IGreen" "Daily backup started! $CURRENT_DATE_READABLE"
# Check if the file exists
if ! [ -f "$SCRIPTS/daily-borg-backup.sh" ]
then
send_error_mail "The daily-borg-backup.sh doesn't exist."
fi
# Check if /mnt/ncdata is mounted
if grep -q " /mnt/ncdata " /etc/mtab && ! grep " /mnt/ncdata " /etc/mtab | grep -q zfs
then
msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive."
exit 1
fi
# The home directory must exist on the root drive
if grep -q " /home " /etc/mtab
then
send_error_mail "The '/home' directory is mounted and not existing on the root drive."
fi
fi
# Check if all needed variables are there (they get exported by the local daily-backup-script.sh)
if [ -z "$ENCRYPTION_KEY" ] || [ -z "$BACKUP_TARGET_DIRECTORY" ] || [ -z "$BORGBACKUP_LOG" ] || [ -z "$BACKUP_MOUNTPOINT" ] \
|| [ -z "$CHECK_BACKUP_INTERVAL_DAYS" ] || [ -z "$DAYS_SINCE_LAST_BACKUP_CHECK" ]
then
send_error_mail "Didn't get all needed variables."
elif [ -n "$ADDITIONAL_BACKUP_DIRECTORIES" ]
# ADDITIONAL_BACKUP_DIRECTORIES is optional
then
mapfile -t ADDITIONAL_BACKUP_DIRECTORIES <<< "$ADDITIONAL_BACKUP_DIRECTORIES"
for directory in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}"
do
DIRECTORY="${directory%%/}"
if ! [ -d "$directory" ]
then
send_error_mail "$directory doesn't exist. Drive not connected?"
else
if ! test "$(timeout 5 ls -A "$directory")"
then
mount "$directory" &>/dev/null
if ! test "$(timeout 5 ls -A "$directory")"
then
send_error_mail "$directory doesn't exist. Drive not connected?"
fi
fi
fi
done
fi
# Export default values
export BORG_PASSPHRASE="$ENCRYPTION_KEY"
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
# Skip daily backup creation if needed
if [ -z "$SKIP_DAILY_BACKUP_CREATION" ]
then
# Check if backup shall get checked
if [ "$DAYS_SINCE_LAST_BACKUP_CHECK" -ge "$CHECK_BACKUP_INTERVAL_DAYS" ]
then
CHECK_BACKUP=1
else
DAYS_SINCE_LAST_BACKUP_CHECK=$((DAYS_SINCE_LAST_BACKUP_CHECK+1))
sed -i "s|^export DAYS_SINCE_LAST_BACKUP_CHECK.*|export DAYS_SINCE_LAST_BACKUP_CHECK=$DAYS_SINCE_LAST_BACKUP_CHECK|" "$SCRIPTS/daily-borg-backup.sh"
fi
# Check if pending snapshot is existing and cancel the backup in this case.
check_snapshot_pending
# Check if snapshot can get created
check_free_space
if ! does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ]
then
send_error_mail "Not enough free space on your vgs."
fi
# Prepare backup repository
inform_user "$ICyan" "Mounting the backup drive..."
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
mount "$BACKUP_MOUNTPOINT" &>/dev/null
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
send_error_mail "Could not mount the backup drive. Is it connected?"
fi
fi
# Test if btrfs volume
if grep " $BACKUP_MOUNTPOINT " /etc/mtab | grep -q btrfs
then
IS_BTRFS_PART=1
mkdir -p "$BACKUP_MOUNTPOINT/.snapshots"
btrfs subvolume snapshot -r "$BACKUP_MOUNTPOINT" "$BACKUP_MOUNTPOINT/.snapshots/@$CURRENT_DATE"
while [ "$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt 14 ]
do
DELETE_SNAP="$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)"
btrfs subvolume delete "$DELETE_SNAP"
done
fi
# Send mail that backup was started
if ! send_mail "Daily backup started!" "You will be notified again when the backup is finished!
Please don't restart or shutdown your server until then!"
then
notify_admin_gui "Daily backup started!" "You will be notified again when the backup is finished!
Please don't restart or shutdown your server until then!"
fi
# Check if pending snapshot is existing and cancel the backup in this case.
check_snapshot_pending
# Fix too large Borg cache
# https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
find /root/.cache/borg/ -maxdepth 2 -name chunks.archive.d -type d -exec rm -r {} \; -exec touch {} \;
# Stop services
inform_user "$ICyan" "Stopping services..."
if is_docker_running
then
systemctl stop docker
fi
if [ "$(sudo -u www-data php "$NCPATH"/occ config:system:get maintenance)" = "true" ]
then
MAINTENANCE_MODE_ON=1
fi
sudo -u www-data php "$NCPATH"/occ maintenance:mode --on
# Database export
# Not really necessary since the root partition gets backed up but easier to restore on new systems
ncdb # get NCDB
rm -f "$SCRIPTS"/nextclouddb.sql "$SCRIPTS"/nextclouddb.dump
rm -f "$SCRIPTS"/alldatabases.sql "$SCRIPTS"/alldatabases.dump
if sudo -Hiu postgres psql -c "SELECT 1 AS result FROM pg_database WHERE datname='$NCDB'" | grep -q "1 row"
then
inform_user "$ICyan" "Doing pgdump of $NCDB..."
sudo -Hiu postgres pg_dump "$NCDB" > "$SCRIPTS"/nextclouddb.dump
chown root:root "$SCRIPTS"/nextclouddb.dump
chmod 600 "$SCRIPTS"/nextclouddb.dump
else
inform_user "$ICyan" "Doing pgdump of all databases..."
sudo -Hiu postgres pg_dumpall > "$SCRIPTS"/alldatabases.dump
chown root:root "$SCRIPTS"/alldatabases.dump
chmod 600 "$SCRIPTS"/alldatabases.dump
fi
systemctl stop postgresql
# Check if pending snapshot is existing and cancel the backup in this case.
check_snapshot_pending
# Create LVM snapshot & Co.
inform_user "$ICyan" "Creating LVM snapshot..."
if does_snapshot_exist "NcVM-snapshot"
then
if ! lvremove /dev/ubuntu-vg/NcVM-snapshot -y
then
start_services
send_error_mail "Could not remove old NcVM-snapshot - Please reboot your server!"
fi
fi
if ! lvcreate --size 5G --snapshot --name "NcVM-snapshot" /dev/ubuntu-vg/ubuntu-lv
then
start_services
send_error_mail "Could not create NcVM-snapshot - Please reboot your server!"
else
inform_user "$IGreen" "Snapshot successfully created!"
fi
start_services
# Cover zfs snapshots
if grep " /mnt/ncdata " /etc/mtab | grep -q zfs
then
ZFS_PART_EXISTS=1
sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot
if ! zfs-auto-snapshot -r ncdata
then
send_error_mail "Could not create ZFS snapshot!"
fi
inform_user "$IGreen" "ZFS snapshot successfully created!"
ZFS_SNAP_NAME="$(zfs list -t snapshot | grep ncdata | grep snap-202 | sort -r | head -1 | awk '{print $1}')"
# Mount zfs snapshot
if mountpoint -q "$ZFS_MOUNT"
then
if ! umount "$ZFS_MOUNT"
then
send_error_mail "Could not unmount '$ZFS_MOUNT'!"
fi
fi
mkdir -p "$ZFS_MOUNT"
inform_user "$ICyan" "Mounting the ZFS snapshot..."
if ! mount --read-only --types zfs "$ZFS_SNAP_NAME" "$ZFS_MOUNT"
then
send_error_mail "Could not mount the ZFS snapshot!"
fi
fi
# Check if pending snapshot is existing and cancel the backup in this case.
check_snapshot_pending
# Rename the snapshot to represent that the backup is pending
inform_user "$ICyan" "Renaming the snapshot..."
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending
then
send_error_mail "Could not rename the snapshot to snapshot-pending."
fi
# Mount the snapshot
if mountpoint -q "$LVM_MOUNT"
then
if ! umount "$LVM_MOUNT"
then
re_rename_snapshot
send_error_mail "Could not unmount '$LVM_MOUNT'!"
fi
fi
mkdir -p "$LVM_MOUNT"
inform_user "$ICyan" "Mounting the snapshot..."
if ! mount --read-only /dev/ubuntu-vg/NcVM-snapshot-pending "$LVM_MOUNT"
then
re_rename_snapshot
send_error_mail "Could not mount the LVM snapshot!"
fi
# Borg backup based on this
# https://borgbackup.readthedocs.io/en/stable/deployment/automated-local.html?highlight=files%20cache#configuring-the-system
# https://iwalton.com/wiki/#[[Backup%20Script]]
# https://decatec.de/linux/backup-strategie-fuer-linux-server-mit-borg-backup/
# Log Borg version
borg --version
# Break the borg lock if it exists because we have the snapshot that prevents such situations
if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ]
then
inform_user "$ICyan" "Breaking the borg lock..."
if ! borg break-lock "$BACKUP_TARGET_DIRECTORY"
then
re_rename_snapshot
send_error_mail "Some errors were reported while breaking the borg lock!"
fi
fi
# Borg options
# auto,zstd compression seems to has the best ratio based on:
# https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
# System backup
EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache home/plex/transcode var/cache lost+found \
run var/run dev tmp "home/plex/config/Library/Application Support/Plex Media Server/Cache")
# mnt, media, sys, prob don't need to be excluded because of the usage of lvm-snapshots and the --one-file-system flag
for directory in "${EXCLUDED_DIRECTORIES[@]}"
do
EXCLUDE_DIRS+=(--exclude "$LVM_MOUNT/$directory/")
done
# Create system backup
inform_user "$ICyan" "Creating system partition backup..."
if ! borg create "${BORG_OPTS[@]}" --one-file-system "${EXCLUDE_DIRS[@]}" \
"$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition" "$LVM_MOUNT/"
then
inform_user "$ICyan" "Deleting the failed system backup archive..."
borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition"
show_drive_usage
re_rename_snapshot
send_error_mail "Some errors were reported during the system partition backup!"
fi
# Check Snapshot size
inform_user "$ICyan" "Testing how full the snapshot is..."
SNAPSHOT_USED=$(lvs -o name,data_percent | grep "NcVM-snapshot-pending" | awk '{print $2}' | sed 's|\..*||' | sed 's|,.*||')
if [ "$SNAPSHOT_USED" -lt 100 ]
then
inform_user "$IGreen" "Backup ok: Snapshot is not full ($SNAPSHOT_USED%)"
else
inform_user "$IRed" "Backup corrupt: Snapshot is full ($SNAPSHOT_USED%)"
inform_user "$ICyan" "Deleting the corrupt system backup archive..."
borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-system-partition"
show_drive_usage
re_rename_snapshot
send_error_mail "The backup archive was corrupt because the snapshot is full and has been deleted."
fi
# Unmount LVM_snapshot
inform_user "$ICyan" "Unmounting the snapshot..."
if ! umount "$LVM_MOUNT"
then
send_error_mail "Could not unmount the LVM snapshot."
fi
rm -r "$LVM_MOUNT"
# Prune options
BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BACKUP_TARGET_DIRECTORY")
# Prune system archives
inform_user "$ICyan" "Pruning the system archives..."
if ! borg prune --prefix '*_*-NcVM-system-partition' "${BORG_PRUNE_OPTS[@]}"
then
re_rename_snapshot
send_error_mail "Some errors were reported by the prune system command."
fi
# Boot partition backup
inform_user "$ICyan" "Creating boot partition backup..."
if ! borg create "${BORG_OPTS[@]}" "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-boot-partition" "/boot/"
then
inform_user "$ICyan" "Deleting the failed boot partition backup archive..."
borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-boot-partition"
show_drive_usage
re_rename_snapshot
send_error_mail "Some errors were reported during the boot partition backup!"
fi
# Prune boot archives
inform_user "$ICyan" "Pruning the boot archives..."
if ! borg prune --prefix '*_*-NcVM-boot-partition' "${BORG_PRUNE_OPTS[@]}"
then
re_rename_snapshot
send_error_mail "Some errors were reported by the prune boot command."
fi
# Create ZFS backup
if [ -n "$ZFS_PART_EXISTS" ]
then
inform_user "$ICyan" "Creating ncdata partition backup..."
if ! borg create "${BORG_OPTS[@]}" --one-file-system \
"$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-ncdata-partition" "$ZFS_MOUNT/"
then
inform_user "$ICyan" "Deleting the failed ncdata backup archive..."
borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-ncdata-partition"
show_drive_usage
re_rename_snapshot
send_error_mail "Some errors were reported during the ncdata partition backup!"
fi
# Prune ncdata archives
inform_user "$ICyan" "Pruning the ncdata archives..."
if ! borg prune --prefix '*_*-NcVM-ncdata-partition' "${BORG_PRUNE_OPTS[@]}"
then
re_rename_snapshot
send_error_mail "Some errors were reported by the prune ncdata command."
fi
# Unmount ZFS snapshot
inform_user "$ICyan" "Unmounting the ZFS snapshot..."
if ! umount "$ZFS_MOUNT"
then
re_rename_snapshot
send_error_mail "Could not unmount the ZFS snapshot."
fi
rm -r "$ZFS_MOUNT"
fi
# Backup additional locations
for directory in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}"
do
if [ -z "$directory" ]
then
continue
fi
DIRECTORY="${directory%%/}"
DIRECTORY_NAME=$(echo "$DIRECTORY" | sed 's|^/||;s|/|-|;s| |_|')
# Wait for the drive to spin up (else it is possible that some subdirectories are not backed up)
inform_user "$ICyan" "Waiting 15s for the $DIRECTORY_NAME directory..."
timeout 0.1s ls -l "$DIRECTORY/" &>/dev/null
if ! sleep 15
then
# In case someone cancels with ctrl+c here
re_rename_snapshot
send_error_mail "Something failed while waiting for the $DIRECTORY_NAME directory."
fi
# Create backup
inform_user "$ICyan" "Creating $DIRECTORY_NAME backup..."
if ! borg create "${BORG_OPTS[@]}" --one-file-system --exclude "$DIRECTORY/.snapshots/" \
"$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-$DIRECTORY_NAME-directory" "$DIRECTORY/"
then
inform_user "$ICyan" "Deleting the failed $DIRECTORY_NAME backup archive..."
borg delete --stats "$BACKUP_TARGET_DIRECTORY::$CURRENT_DATE-NcVM-$DIRECTORY_NAME-directory"
show_drive_usage
re_rename_snapshot
send_error_mail "Some errors were reported during the $DIRECTORY_NAME backup!"
fi
# Prune archives
inform_user "$ICyan" "Pruning the $DIRECTORY_NAME archives..."
if ! borg prune --prefix "*_*-NcVM-$DIRECTORY_NAME-directory" "${BORG_PRUNE_OPTS[@]}"
then
re_rename_snapshot
send_error_mail "Some errors were reported by the prune $DIRECTORY_NAME command."
fi
done
# Run a borg compact which is required with borg 1.2.0 and higher
if borg compact -h &>/dev/null
then
inform_user "$ICyan" "Starting borg compact which will clean up not needed commits and free space..."
if ! borg compact "$BACKUP_TARGET_DIRECTORY"
then
re_rename_snapshot
send_error_mail "Some errors were reported during borg compact!"
fi
fi
# Rename the snapshot back to normal
if ! re_rename_snapshot
then
send_error_mail "Could not rename the snapshot-pending to snapshot."
fi
# Print usage of drives into log
show_drive_usage
# Adjust permissions and scrub volume
if [ -n "$IS_BTRFS_PART" ]
then
inform_user "$ICyan" "Adjusting permissions..."
find "$BACKUP_MOUNTPOINT/" -not -path "$BACKUP_MOUNTPOINT/.snapshots/*" \
\( ! -perm 600 -o ! -group root -o ! -user root \) -exec chmod 600 {} \; -exec chown root:root {} \;
fi
# Unmount the backup drive
inform_user "$ICyan" "Unmounting the backup drive..."
if ! umount "$BACKUP_MOUNTPOINT"
then
send_error_mail "Could not unmount the backup drive!"
fi
# Show expiration time
get_expiration_time
inform_user "$IGreen" "Backup finished on $END_DATE_READABLE ($DURATION_READABLE)"
# Send mail about successful backup
if ! send_mail "Daily backup successful!" "$(cat "$LOG_FILE")"
then
notify_admin_gui \
"Daily backup successful! Though mail sending didn't work!" \
"Please look at the log file $LOG_FILE if you want to find out more."
if [ -z "$CHECK_BACKUP" ]
then
paste_log_file
fi
else
paste_log_file
remove_log_file
fi
# Create a file that can be checked for
rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL
touch /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL
# Exit here if the backup doesn't shall get checked
if [ -z "$CHECK_BACKUP" ]
then
exit
fi
# Exit here if we want to skip the backup check
if [ -n "$SKIP_DAILY_BACKUP_CHECK" ]
then
exit
fi
fi
# Recreate logfile
if ! [ -f "$LOG_FILE" ]
then
touch "$LOG_FILE"
# Write output to logfile.
exec > >(tee -i "$LOG_FILE")
exec 2>&1
fi
# New start time
START_TIME=$(date +%s)
CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S")
CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S")
# Inform user
inform_user "$IGreen" "Backup integrity check started! $CURRENT_DATE_READABLE"
# Check if pending snapshot is existing and cancel the backup check in this case.
check_snapshot_pending "Backup integrity check"
# Prepare backup repository
inform_user "$ICyan" "Mounting the backup drive..."
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
mount "$BACKUP_MOUNTPOINT" &>/dev/null
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
send_error_mail "Could not mount the backup drive. Is it connected?" "Backup integrity check"
fi
fi
# Send mail that backup was started
if ! send_mail "Weekly backup check started!" "You will be notified again when the check is finished!
Please don't restart or shutdown your server until then!"
then
notify_admin_gui "Weekly backup check started!" "You will be notified again when the check is finished!
Please don't restart or shutdown your server until then!"
fi
# Check if pending snapshot is existing and cancel the backup check in this case.
check_snapshot_pending "Backup integrity check"
# Rename the snapshot to represent that the backup is pending
inform_user "$ICyan" "Renaming the snapshot..."
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending
then
send_error_mail "Could not rename the snapshot to snapshot-pending." "Backup integrity check"
fi
# Check the backup
inform_user "$ICyan" "Checking the backup integrity..."
# TODO: check how long this takes. If too long, remove the --verifa-data flag
if ! borg check --verify-data "$BACKUP_TARGET_DIRECTORY"
then
re_rename_snapshot
send_error_mail "Some errors were reported during the backup integrity check!" "Backup integrity check"
fi
# Adjust permissions and scrub volume
if [ -n "$IS_BTRFS_PART" ] && [ "$BTRFS_SCRUB_BACKUP_DRIVE" = "yes" ]
then
inform_user "$ICyan" "Scrubbing BTRFS partition..."
if ! btrfs scrub start -B "$BACKUP_MOUNTPOINT"
then
re_rename_snapshot
send_error_mail "Some errors were reported while scrubbing the BTRFS partition."
fi
fi
# Rename the snapshot back to normal
if ! re_rename_snapshot
then
send_error_mail "Could not rename the snapshot-pending to snapshot." "Backup integrity check"
fi
# Print usage of drives into log
show_drive_usage
# Unmount the backup drive
if [ -z "$SKIP_DAILY_BACKUP_CREATION" ]
then
inform_user "$ICyan" "Unmounting the backup drive..."
if mountpoint -q "$BACKUP_MOUNTPOINT" && ! umount "$BACKUP_MOUNTPOINT"
then
send_error_mail "Could not unmount the backup drive!" "Backup integrity check"
fi
fi
# Resetting the integrity Check
inform_user "$ICyan" "Resetting the backup check timer..."
sed -i "s|^export DAYS_SINCE_LAST_BACKUP_CHECK.*|export DAYS_SINCE_LAST_BACKUP_CHECK=0|" "$SCRIPTS/daily-borg-backup.sh"
# Show expiration time
get_expiration_time
inform_user "$IGreen" "Backup integrity check finished on $END_DATE_READABLE ($DURATION_READABLE)"
# Send mail about successful backup
if ! send_mail "Backup integrity check successful!" "$(cat "$LOG_FILE")"
then
notify_admin_gui \
"Backup integrity check successful! Though mail sending didn't work!" \
"Please look at the log file $LOG_FILE if you want to find out more."
paste_log_file
else
paste_log_file
remove_log_file
fi
# Create a file that can be checked for
rm -f /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL
touch /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL
exit
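
Review bot: the `export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes` and `export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes` lines under "Export default values" pre-answer two of Borg's safety prompts on every run, so a backup drive whose repository has been moved, or replaced by an unencrypted one, is accepted without any warning, although the script passes a passphrase through `BORG_PASSPHRASE` and so evidently expects an encrypted repository. In any copy of this script that is kept, drop the first variable and set the second only for a deliberate relocation, so that Borg refuses an unexpected repository and the existing error path reports it. A smaller point in the same hunk: the `/mnt/ncdata` mount check reports through `msg_box` and `exit 1`, while the `/home` check right after it calls `send_error_mail`; the first one therefore bypasses the mail and log handling that every other failure in this script goes through, which matters for a script whose own `PATH` comment says it runs via cron.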

View File

@ -1,150 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="BTRFS Mount"
SCRIPT_EXPLAINER="This script automates formatting drives to BTRFS."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
# Mount drive
format_drive() {
local UUID
local LABEL
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
return 1
fi
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the drive that you would like to format to BTRFS.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}')
args+=("/dev/$drive" " $DRIVE_DESCRIPTION")
done
# Show the drive menu
DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$DEVICE" ]
then
return 1
fi
# Enter partition label
while :
do
LABEL="$(input_box_flow "Please enter the partition label that the drive shall get.
If you want to cancel, type in 'exit' and press [ENTER].")"
if [ "$LABEL" = exit ]
then
return 1
else
break
fi
done
# Last info box
if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' to BTRFS?
All current files on the drive will be erased!
Select 'Yes' to continue with the process. Select 'No' to cancel."
then
exit 1
fi
# Inform user
msg_box "We will now format the drive '$DEVICE' to BTRFS. Please be patient!"
# Wipe drive
dd if=/dev/urandom of="$DEVICE" bs=1M count=2
parted "$DEVICE" mklabel gpt --script
parted "$DEVICE" mkpart primary 0% 100% --script
# Wait because mkfs fails otherwise
sleep 1
# Format drive
if ! mkfs.btrfs "${DEVICE}1" --quiet --label "$LABEL"
then
msg_box "Something failed while formatting the drive to BTRFS."
exit 1
fi
# Inform user
msg_box "Formatting $DEVICE to BTRFS was successful!
You can now use the 'BTRFS Mount' script from the Not-Supported Menu to mount the drive to your system."
}
# Show main_menu
while :
do
choice=$(whiptail --title "$TITLE" --menu \
"Choose what you want to do.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Format a drive" "(Interactively format a drive to BTRFS)" \
"Exit" "(Exit this script)" 3>&1 1>&2 2>&3)
case "$choice" in
"Format a drive")
format_drive
;;
"Exit")
break
;;
"")
break
;;
*)
;;
esac
done
exit
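
Review bot: `mkfs.btrfs "${DEVICE}1"` assumes the first partition is named by appending `1` to the disk, which does not hold for devices such as `/dev/nvme0n1` (first partition `nvme0n1p1`), and the `dd` and the two `parted` calls before it run unchecked against whatever `$DEVICE` the menu returned. In any copy that is kept, verify `[ -b "$DEVICE" ]` and that nothing on the device is mounted before the `dd`, check each command's exit status, and read the partition path back from `lsblk` instead of building it by hand. The `# Wipe drive` comment also overstates the step: `bs=1M count=2` overwrites only the first 2 MiB, so earlier data stays on the disk. `SCRIPT_NAME="BTRFS Mount"` looks copied from the mount script, although `SCRIPT_EXPLAINER` says this one formats drives.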

View File

@ -1,345 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="BTRFS Mount"
SCRIPT_EXPLAINER="This script automates mounting BTRFS drives locally in your system."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
# Mount drive
mount_drive() {
local UUIDS
local UUID
local LABEL
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
return 1
fi
# Wait until the drive has spin up
countdown "Waiting for the drive to spin up..." 15
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the partition that you would like to mount.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important to show the partition menu
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}')
PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ")
unset PARTITIONS
mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')"
for partition in "${PARTITIONS[@]}"
do
STATS=$(echo "$PARTITION_STATS" | grep "^$partition ")
FSTYPE=$(echo "$STATS" | awk '{print $2}')
if [ "$FSTYPE" != "btrfs" ]
then
continue
fi
SIZE=$(echo "$STATS" | awk '{print $3}')
UUID=$(echo "$STATS" | awk '{print $4}')
if [ -z "$UUID" ]
then
continue
fi
LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||')
if ! grep -q "$UUID" /etc/fstab
then
args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE")
UUIDS+="$UUID"
else
msg_box "The partition
$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE
is already existing.\n
If you want to remove it, run the following two commands:
sudo sed -i '/$UUID/d' /etc/fstab
sudo reboot"
fi
done
done
# Check if at least one drive was found
if [ -z "$UUIDS" ]
then
msg_box "No drive found that can get mounted.
Most likely none is BTRFS formatted."
return 1
fi
# Show the partition menu
UUID=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$UUID" ]
then
return 1
fi
# Get the label of the partition
LABEL=$(lsblk -o UUID,LABEL | grep "^$UUID " | awk '{print $2,$3,$4,$5,$6,$7,$8,$9}' | sed 's| |_|g' | sed -r 's|[_]+$||')
if [ -z "$LABEL" ]
then
LABEL="partition-label"
fi
# Create plex user
if ! id plex &>/dev/null
then
check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex"
fi
# Enter the mountpoint
while :
do
MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition.
One example is: '/mnt/$LABEL'
The directory has to start with '/mnt/'
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$MOUNT_PATH" = "exit" ]
then
exit 1
elif echo "$MOUNT_PATH" | grep -q " "
then
msg_box "Please don't use spaces!"
elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/"
then
msg_box "The directory has to stat with '/mnt/'"
elif grep -q " $MOUNT_PATH " /etc/fstab
then
msg_box "The mountpoint already exists in fstab. Please try a different one."
elif mountpoint -q "$MOUNT_PATH"
then
msg_box "The mountpoint is already mounted. Please try a different one."
elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata"
then
msg_box "The directory isn't allowed to start with '/mnt/ncdata'"
elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares"
then
msg_box "The directory isn't allowed to start with '/mnt/smbshares'"
else
echo "UUID=$UUID $MOUNT_PATH btrfs defaults,nofail 0 0" >> /etc/fstab
mkdir -p "$MOUNT_PATH"
if ! mount "$MOUNT_PATH"
then
msg_box "The mount wasn't successful. Please try again."
sed -i "/$UUID/d" /etc/fstab
else
break
fi
fi
done
# Inform the user
msg_box "Congratulations! The mount was successful.
You can now access the partition here:
$MOUNT_PATH"
# Ask if this is a backup drive
if ! yesno_box_no "Is this drive meant to be a backup drive?
If you choose yes, it will only get mounted by a backup script \
and will restrict the read/write permissions to the root user."
then
print_text_in_color "$ICyan" "Adjusting permissions..."
chown -R plex:plex "$MOUNT_PATH" &>/dev/null
chmod -R 770 "$MOUNT_PATH" &>/dev/null
# Adjust permissions at start up
if ! [ -f "$SCRIPTS/adjust-startup-permissions.sh" ]
then
cat << PERMISSIONS > "$SCRIPTS/adjust-startup-permissions.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/adjust-startup-permissions.sh"
chmod 700 "$SCRIPTS/adjust-startup-permissions.sh"
# Entries
PERMISSIONS
fi
cat << PERMISSIONS >> "$SCRIPTS/adjust-startup-permissions.sh"
find "$MOUNT_PATH/" -not -path "$MOUNT_PATH/.snapshots/*" \\( ! -perm 770 -o ! -group plex \
-o ! -user plex \\) -exec chmod 770 {} \\; -exec chown plex:plex {} \\;
PERMISSIONS
chown root:root "$SCRIPTS/adjust-startup-permissions.sh"
chmod 700 "$SCRIPTS/adjust-startup-permissions.sh"
crontab -u root -l | grep -v "$SCRIPTS/adjust-startup-permissions.sh" | crontab -u root -
crontab -u root -l | { cat; echo "@reboot $SCRIPTS/adjust-startup-permissions.sh"; } | crontab -u root -
# Automatically create snapshots
mkdir -p "$MOUNT_PATH/.snapshots"
if ! [ -f "$SCRIPTS/create-daily-btrfs-snapshots.sh" ]
then
cat << SNAPSHOT > "$SCRIPTS/create-daily-btrfs-snapshots.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/create-daily-btrfs-snapshots.sh"
chmod 700 "$SCRIPTS/create-daily-btrfs-snapshots.sh"
# Variables
MAX_SNAPSHOTS=14
CURRENT_DATE=\$(date --date @"\$(date +%s)" +"%Y%m%d_%H%M%S")
SNAPSHOT
fi
cat << SNAPSHOT >> "$SCRIPTS/create-daily-btrfs-snapshots.sh"
# $MOUNT_PATH
btrfs subvolume snapshot -r "$MOUNT_PATH/" "$MOUNT_PATH/.snapshots/@\$CURRENT_DATE"
while [ "\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt "\$MAX_SNAPSHOTS" ]
do
DELETE="\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)"
btrfs subvolume delete "\$DELETE"
done
SNAPSHOT
chown root:root "$SCRIPTS/create-daily-btrfs-snapshots.sh"
chmod 700 "$SCRIPTS/create-daily-btrfs-snapshots.sh"
crontab -u root -l | grep -v "$SCRIPTS/create-daily-btrfs-snapshots.sh" | crontab -u root -
crontab -u root -l | { cat; echo "@daily $SCRIPTS/create-daily-btrfs-snapshots.sh >/dev/null"; } | crontab -u root -
# Execute monthly scrubs
if ! [ -f "$SCRIPTS/scrub-btrfs-monthly.sh" ]
then
cat << SNAPSHOT > "$SCRIPTS/scrub-btrfs-monthly.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/scrub-btrfs-monthly.sh"
chmod 700 "$SCRIPTS/scrub-btrfs-monthly.sh"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
SNAPSHOT
fi
cat << SNAPSHOT >> "$SCRIPTS/scrub-btrfs-monthly.sh"
# $MOUNT_PATH
notify_admin_gui "Starting monthly BTRFS check of $MOUNT_PATH" "Starting BTRFS-scrub of $MOUNT_PATH.
You will be notified again when the scrub is done"
if ! btrfs scrub start -B "$MOUNT_PATH"
then
notify_admin_gui "Error while performing monthly BTRFS scrub of $MOUNT_PATH!" \
"Error on $MOUNT_PATH\nPlease look at $VMLOGS/monthly-btrfs-scrub.log for further info!"
else
notify_admin_gui "Monthly BTRFS scrub successful of $MOUNT_PATH!" \
"$MOUNT_PATH was successfully tested!\nPlease look at $VMLOGS/monthly-btrfs-scrub.log for further info!"
fi
SNAPSHOT
chown root:root "$SCRIPTS/scrub-btrfs-monthly.sh"
chmod 700 "$SCRIPTS/scrub-btrfs-monthly.sh"
crontab -u root -l | grep -v "$SCRIPTS/scrub-btrfs-monthly.sh" | crontab -u root -
crontab -u root -l | { cat; echo "@monthly $SCRIPTS/scrub-btrfs-monthly.sh >> $VMLOGS/monthly-btrfs-scrub.log 2>&1"; } | crontab -u root -
# Test if Plex is installed
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
# Reconfiguring Plex
msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive.
This can take a while. Please be patient!"
print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..."
docker pull assaflavie/runlike
echo '#/bin/bash' > /tmp/pms-conf
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf
if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf
then
MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}"
sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf
docker stop plex
if ! docker rm plex
then
msg_box "Something failed while removing the old container."
return
fi
if ! bash /tmp/pms-conf
then
msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'"
return
fi
rm /tmp/pms-conf
msg_box "Plex was adjusted!"
else
rm /tmp/pms-conf
msg_box "No need to update Plex, since the drive is already mounted to Plex."
fi
fi
return
fi
# Execute the change to a backup drive
print_text_in_color "$ICyan" "Adjusting permissions..."
sed -i "/$UUID/s/defaults,nofail/defaults,noauto/" /etc/fstab
chown -R root:root "$MOUNT_PATH"
chmod -R 600 "$MOUNT_PATH"
umount "$MOUNT_PATH"
msg_box "Your Backup drive is ready."
}
# Show main_menu
while :
do
choice=$(whiptail --title "$TITLE" --menu \
"Choose what you want to do.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Mount a drive" "(Interactively mount a BTRFS drive)" \
"Exit" "(Exit this script)" 3>&1 1>&2 2>&3)
case "$choice" in
"Mount a drive")
mount_drive
;;
"Exit")
break
;;
"")
break
;;
*)
;;
esac
done
exit
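
Review bot: In the Plex reconfiguration block the container command line is written to the fixed path `/tmp/pms-conf` and then run as root with `bash /tmp/pms-conf`, and on a failed start the file is left behind in /tmp. A predictable name in a world-writable directory is the wrong place for something root executes, so create it with `mktemp` in a root-only directory and remove it on every exit path. The same block mounts `/var/run/docker.sock` into `assaflavie/runlike`, which is pulled without a tag or digest, so whatever that image currently is gets full control of the Docker daemon; pin it by digest. The first line written, `echo '#/bin/bash'`, is also missing the `!`.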

View File

@ -1,489 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Daily Backup Wizard"
SCRIPT_EXPLAINER="This script helps creating a daily backup script for your server."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
BACKUP_SCRIPT_NAME="$SCRIPTS/daily-borg-backup.sh"
# Functions
mount_if_connected() {
umount "$1" &>/dev/null
mount "$1" &>/dev/null
if ! mountpoint -q "$1"
then
return 1
fi
return 0
}
get_backup_mounts() {
BACKUP_MOUNTS=""
BACKUP_MOUNTS="$(grep "ntfs-3g" /etc/fstab | grep "windows_names" | grep "uid=root" \
| grep "gid=root" | grep "umask=177" | grep "noauto" | awk '{print $2}')"
BACKUP_MOUNTS+="\n"
BACKUP_MOUNTS+="$(grep cifs /etc/fstab | grep "uid=root" | grep "gid=root" \
| grep "file_mode=0600" | grep "dir_mode=0600" | grep "noauto" | awk '{print $2}')"
BACKUP_MOUNTS+="\n"
BACKUP_MOUNTS+="$(grep btrfs /etc/fstab | grep ",noauto" | awk '{print $2}')"
}
# Ask for execution
msg_box "$SCRIPT_EXPLAINER"
if ! yesno_box_yes "Do you want to create a daily backup script?"
then
exit
fi
# Before starting check if the requirements are met
if [ -f "$BACKUP_SCRIPT_NAME" ]
then
msg_box "The daily backup script already exists.
Please rename or delete $BACKUP_SCRIPT_NAME if you want to reconfigure the backup."
exit 1
fi
# Check if pending snapshot is existing and cancel the setup in this case.
if does_snapshot_exist "NcVM-startup"
then
# Cannot get executed during the startup script
if [ -f "$SCRIPTS/nextcloud-startup-script.sh" ]
then
msg_box "The daily backup cannot get configured during the startup script.
Please try again after it is finished by running:
'sudo bash $SCRIPTS/menu.sh' -> 'Server Configuration' -> 'Daily Backup Wizard'."
exit
fi
msg_box "You need to run the update script once before you can continue with creating the backup script."
if yesno_box_yes "Do you want to do this now?"
then
bash "$SCRIPTS"/update.sh minor
else
exit 1
fi
if does_snapshot_exist "NcVM-startup"
then
msg_box "It seems like the statup script wasn't correctly removed. Cannot proceed."
exit 1
fi
fi
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "It seems to be currently running a backup or update.
Cannot set up the daily backup now. Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
fi
# Check if snapshot/free space exists
check_free_space
if ! does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ]
then
msg_box "Unfortunately you have not enough free space on your vgs to \
create a LVM-snapshot which is a requirement to create a backup script.
If you are running the script in a VM and not on barebones, you can increase your root partition manually by following these steps:
1. Shut down the VM and create a snapshot/copy of it (in order to be able to restore the current state)
2. Now increase the size of the virtual disk1 in your hypervisor by at least 5 GB (e.g. in VMWare Virtualplayer)
3. Power the VM back on
4. Log in via SSH and run the following command:
'sudo pvresize \$(sudo pvs | grep ubuntu-vg | grep -oP \"/dev/sda[0-9]\")'
5. Now you can run this script again:
'sudo bash $SCRIPTS/menu.sh' -> 'Server Configuration' -> 'Daily Backup Wizard'"
exit 1
fi
# Check if backup drives existing
get_backup_mounts
if [ "$BACKUP_MOUNTS" = "\n\n" ]
then
msg_box "No backup mount found that can be used as daily backup target.
Please mount one with the SMB Mount script from the Additional Apps Menu \
or with the BTRFS Mount script or NTFS Mount script from the Not-Supported Menu."
if yesno_box_yes "Do you want to mount a SMB-share that can be used as backup target with the SMB Mount script?
(This requires a SMB-server in your network.)"
then
run_script APP smbmount
else
exit 1
fi
get_backup_mounts
if [ "$BACKUP_MOUNTS" = "\n\n" ]
then
msg_box "Still haven't found any backup mount that can be used as daily backup target. Cannot proceed!"
exit 1
fi
fi
BACKUP_MOUNTS="$(echo -e "$BACKUP_MOUNTS")"
mapfile -t BACKUP_MOUNTS <<< "$BACKUP_MOUNTS"
for drive in "${BACKUP_MOUNTS[@]}"
do
if ! mount_if_connected "$drive"
then
continue
fi
BACKUP_DRIVES+=("$drive")
umount "$drive"
done
if [ -z "${BACKUP_DRIVES[*]}" ]
then
msg_box "No backup drive found that is currently connected.
Please connect it to your server before you can continue."
exit 1
else
msg_box "At least one backup mount found. Please leave it connected."
fi
# Check if /mnt/ncdata is mounted
if grep -q " /mnt/ncdata " /etc/mtab && ! grep " /mnt/ncdata " /etc/mtab | grep -q zfs
then
msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive.
This is currently not supported."
exit 1
fi
# The same with the /home directory
if grep -q " /home " /etc/mtab
then
msg_box "The '/home' directory is mounted and not existing on the root drive.
This is currently not supported."
exit 1
fi
# Test sending of mails
if ! send_mail "Testmail" \
"This is a testmail to test if the server can send mails which is needed for the 'Daily Backup Wizard'."
then
msg_box "The server is not configured to send mails."
if yesno_box_yes "Do you want to do this now?"
then
run_script ADDONS smtp-mail
else
exit 1
fi
if ! send_mail "Testmail" \
"This is a testmail to test if the server can send mails which is needed for the 'Daily Backup Wizard'."
then
msg_box "The server still cannot send mails. Cannot proceed!"
exit 1
fi
fi
# Drive Menu
args=(whiptail --title "$TITLE" --separate-output --checklist \
"Please select the drives/mountpoints that you want to backup.
Always included is a full system backup (aka '/') and the '/mnt/ncdata' directory/drive.
$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get mountpoints
DRIVE_MOUNTS=$(find /mnt/ -mindepth 1 -maxdepth 2 -type d | grep -v "/mnt/ncdata")
mapfile -t DRIVE_MOUNTS <<< "$DRIVE_MOUNTS"
# Check if drives are connected
if [ -n "${DRIVE_MOUNTS[*]}" ]
then
for mountpoint in "${DRIVE_MOUNTS[@]}"
do
if mountpoint -q "$mountpoint" && [ "$(stat -c '%a' "$mountpoint")" = "770" ] \
&& [ "$(stat -c '%U' "$mountpoint")" = "www-data" ] && [ "$(stat -c '%G' "$mountpoint")" = "www-data" ]
then
args+=("$mountpoint" "" OFF)
RESULTS+="$mountpoint"
fi
done
# Only show menu if at least one additional drive is connected
if [ -n "$RESULTS" ]
then
selected_options=$("${args[@]}" 3>&1 1>&2 2>&3)
else
msg_box "No connected drive found that can get backed up.
Always included is a full system backup (aka '/') and the '/mnt/ncdata' directory/drive."
fi
# Let the user select directories on the found drives
if [ -n "$selected_options" ]
then
mapfile -t SELECTED_DRIVES <<< "$selected_options"
for mountpoint in "${SELECTED_DRIVES[@]}"
do
if yesno_box_yes "Do you want to backup the whole drive that is mounted at '$mountpoint'?"
then
ADDITIONAL_BACKUP_DIRECTORIES+=("$mountpoint")
continue
fi
DIRECTORIES=$(find "$mountpoint" -maxdepth 2 -type d | grep "$mountpoint/")
while :
do
msg_box "Those are existing directories on that drive. Please remember one.\n\n$mountpoint/\n$DIRECTORIES"
SELECTION=$(input_box_flow "Please type in one \
directory that you would like to backup on this drive '$mountpoint'.
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$SELECTION" = "exit" ]
then
exit 1
elif ! echo "$SELECTION" | grep -q "^$mountpoint/"
then
msg_box "It has to be a directory in '$mountpoint'. Please try again."
elif ! [ -d "$SELECTION" ]
then
msg_box "The directory doesn't exist. Please try again."
else
ADDITIONAL_BACKUP_DIRECTORIES+=("$SELECTION")
break
fi
done
done
fi
fi
# Backup drive menu
args=(whiptail --title "$TITLE" --menu \
"Please select the backup drive that you want to use.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get all backup drives
for drive in "${BACKUP_DRIVES[@]}"
do
if ! mount_if_connected "$drive"
then
continue
fi
args+=("$drive" "")
CONNECTED_DRIVES+="$drive"
umount "$drive"
done
# Show backup drive menu
if [ -n "$CONNECTED_DRIVES" ]
then
selected_options=$("${args[@]}" 3>&1 1>&2 2>&3)
else
msg_box "No backup drive connected.
Hence, unable to continue."
exit 1
fi
# Cancel if nothing chosen
if [ -z "$selected_options" ]
then
msg_box "No backup drive chosen. Hence exiting."
exit 1
else
BACKUP_TARGET_DIRECTORY="${selected_options%%/}"
# Mount the backup drive
check_command mount "$BACKUP_TARGET_DIRECTORY"
BACKUP_MOUNT="$BACKUP_TARGET_DIRECTORY"
fi
# Ask if default directory shall get used
if yesno_box_yes "Do you want to use the recommended backup directory which is:
'$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM'?"
then
if [ -d "$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM" ] && ! rm -d "$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM" &>/dev/null
then
msg_box "The directory '$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM' exists and cannot be used.
Please choose a custom one."
CUSTOM_DIRECTORY=1
else
BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM"
fi
else
CUSTOM_DIRECTORY=1
fi
# Choose custom backup directory
if [ -n "$CUSTOM_DIRECTORY" ]
then
while :
do
SELECTED_DIRECTORY=$(input_box_flow "Please type in the directory that you want to use as backup directory.
It has to start with '$BACKUP_TARGET_DIRECTORY/'.
Recommended is '$BACKUP_TARGET_DIRECTORY/borgbackup/NcVM'
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$SELECTED_DIRECTORY" = "exit" ]
then
exit 1
elif echo "$SELECTED_DIRECTORY" | grep -q " "
then
msg_box "Please don't use spaces."
elif ! echo "$SELECTED_DIRECTORY" | grep -q "^$BACKUP_TARGET_DIRECTORY/"
then
msg_box "The backup directory has to start with '$BACKUP_TARGET_DIRECTORY/'. Please try again."
elif [ -d "$SELECTED_DIRECTORY" ] && ! rm -d "$SELECTED_DIRECTORY" &>/dev/null
then
msg_box "This directory already exists. Please try again."
else
if ! mkdir -p "$SELECTED_DIRECTORY"
then
msg_box "Couldn't create the directory. Please try again."
rm -d "$SELECTED_DIRECTORY" &>/dev/null
else
rm -d "$SELECTED_DIRECTORY" &>/dev/null
BACKUP_TARGET_DIRECTORY="$SELECTED_DIRECTORY"
break
fi
fi
done
fi
# Ask for an Encryption key
while :
do
ENCRYPTION_KEY=$(input_box_flow "Please enter the encryption key that shall get used for Borg backups.
Please remember to store this key at a save place. You will not be able to restore your backup if you lose the key.
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$ENCRYPTION_KEY" = "exit" ]
then
exit 1
elif yesno_box_no "Have you saved the encryption key for your backup?"
then
break
fi
done
# Ask when the daily backup shall run
if yesno_box_yes "Do you want to run the daily backup at the recommended time 4.00 am?"
then
BACKUP_TIME="00 04"
else
while :
do
BACKUP_TIME=$(input_box_flow "Please enter the time when the backup shall get executed daily in this format:
'mm hh' (minutes first, hours second)
Recommended is: '00 04' (Backups will be executed at 4.00 am)
Please enter it in 24h format. (No am and pm).
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$BACKUP_TIME" = "exit" ]
then
exit 1
elif ! echo "$BACKUP_TIME" | grep -q "^[0-5][0-9] [0-1][0-9]$" && ! echo "$BACKUP_TIME" | grep -q "^[0-5][0-9] 2[0-3]$"
then
msg_box "Please enter the time in this format:
'mm hh' (minutes first, hours second)
Recommended is: '00 04' (Backups will be executed at 4.00 am)"
else
break
fi
done
fi
# Install needed tools
msg_box "We will now install all needed tools, initialize the Borg backup repository and create the daily backup script now."
install_if_not borgbackup
# Initialize the borg backup repository
export BORG_PASSPHRASE="$ENCRYPTION_KEY"
mkdir -p "$BACKUP_TARGET_DIRECTORY"
check_command borg init --encryption=repokey-blake2 "$BACKUP_TARGET_DIRECTORY"
borg config "$BACKUP_TARGET_DIRECTORY" additional_free_space 2G
unset BORG_PASSPHRASE
# Fix too large Borg cache
# https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
BORG_ID="$(borg config "$BACKUP_TARGET_DIRECTORY" id)"
check_command rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d"
check_command touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
# Make a backup from the borg config file
if ! [ -f "$BACKUP_TARGET_DIRECTORY/config" ]
then
msg_box "The borg config file wasn't created. Something is wrong."
exit 1
else
if ! send_mail "Your daily backup config file! Please save/archive it!" "$(cat "$BACKUP_TARGET_DIRECTORY/config")"
then
msg_box "Could not send the daily backup config file. This is wrong."
exit 1
fi
fi
# Unmount the backup drive
check_command umount "$BACKUP_MOUNT"
# Write beginning of the script
cat << WRITE_BACKUP_SCRIPT > "$BACKUP_SCRIPT_NAME"
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Daily Borg Backup"
SCRIPT_EXPLAINER="This script executes the daily Borg backup."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Export Variables
export ENCRYPTION_KEY='$ENCRYPTION_KEY'
export BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY"
export BACKUP_MOUNTPOINT="$BACKUP_MOUNT"
export BORGBACKUP_LOG="$VMLOGS/borgbackup.log"
export CHECK_BACKUP_INTERVAL_DAYS=14
export DAYS_SINCE_LAST_BACKUP_CHECK=14
WRITE_BACKUP_SCRIPT
unset ENCRYPTION_KEY
# Secure the file
chown root:root "$BACKUP_SCRIPT_NAME"
chmod 700 "$BACKUP_SCRIPT_NAME"
# Add a variable for enabling/disabling btrfs scrub for the backup drive
if grep "$BACKUP_MOUNT" /etc/fstab | grep -q btrfs
then
echo 'export BTRFS_SCRUB_BACKUP_DRIVE="yes"' >> "$BACKUP_SCRIPT_NAME"
fi
# Write additional backup sources to the script
SOURCES='export ADDITIONAL_BACKUP_DIRECTORIES="'
for source in "${ADDITIONAL_BACKUP_DIRECTORIES[@]}"
do
SOURCES+="$source\n"
done
SOURCES="${SOURCES%%\\n}"
SOURCES+='"'
echo -e "$SOURCES" >> "$BACKUP_SCRIPT_NAME"
# Write end of the script
cat << WRITE_BACKUP_SCRIPT >> "$BACKUP_SCRIPT_NAME"
# Execute backup
if network_ok
then
echo "Executing \$SCRIPT_NAME. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$BORGBACKUP_LOG"
run_script NOT_SUPPORTED_FOLDER borgbackup
else
echo "Unable to execute \$SCRIPT_NAME. No network connection. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$BORGBACKUP_LOG"
notify_admin_gui "Unable to execute \$SCRIPT_NAME." "No network connection."
fi
WRITE_BACKUP_SCRIPT
# Create fstab entry
crontab -u root -l | grep -v "$BACKUP_SCRIPT_NAME" | crontab -u root -
crontab -u root -l | { cat; echo "$BACKUP_TIME * * * $BACKUP_SCRIPT_NAME > /dev/null 2>&1" ; } | crontab -u root -
# Inform user
msg_box "The Borg backup script was successfully created!
It is located here: '$BACKUP_SCRIPT_NAME'\n
The first backup will run automatically at your chosen time."
exit
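
Review bot: The passphrase is interpolated into the generated script as `export ENCRYPTION_KEY='$ENCRYPTION_KEY'` from an unquoted heredoc, and the input loop accepts any string, so a key containing a single quote closes the quoting and the remainder is parsed as shell in a script that root's crontab runs daily. Reject or escape `'` (for example with `printf '%q'`) and refuse an empty key. The file is also created under the default umask and only tightened by `chmod 700` after the heredoc has written the key, so set `umask 077` before creating it. Minor: the comment `# Create fstab entry` sits above code that edits root's crontab.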

View File

@ -1,119 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Firewall"
SCRIPT_EXPLAINER="This script helps setting up a firewall for your NcVM."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if firewall is already enabled
if ! ufw status | grep -q " active"
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Ask for removal or reinstallation
reinstall_remove_menu "$SCRIPT_NAME"
# Removal
ufw disable
ufw --force reset
# Show successful uninstall if applicable
removal_popup "$SCRIPT_NAME"
fi
# Install and enable firewall
if ! is_this_installed ufw
then
DEBIAN_FRONTEND=noninteractive apt-get install ufw -y --no-install-recommends
systemctl enable ufw &>/dev/null
systemctl start ufw &>/dev/null
fi
# SSH
print_text_in_color "$ICyan" "Allow SSH"
ufw allow ssh comment SSH
# Web server
print_text_in_color "$ICyan" "Web server"
ufw allow http comment http
ufw allow https comment https
# UPnP
print_text_in_color "$ICyan" "UPnP"
ufw allow proto udp from 192.168.0.0/16 comment UPnP
# Adminer
print_text_in_color "$ICyan" "Allow Adminer"
ufw allow 9443/tcp comment Adminer
# Netdata
print_text_in_color "$ICyan" "Allow Netdata"
ufw allow 19999/tcp comment 'Netdata TCP'
ufw allow 19999/udp comment 'Netdata UDP'
# Talk (no custom port possible)
print_text_in_color "$ICyan" "Allow Talk"
ufw allow 3478/tcp comment 'Talk TCP'
ufw allow 3478/udp comment 'Talk UDP'
# Webmin
print_text_in_color "$ICyan" "Allow Webmin"
ufw allow 10000/tcp comment Webmin
# RDP
if is_this_installed xrdp
then
print_text_in_color "$ICyan" "Allow RDP"
ufw allow 3389/tcp comment Remotedesktop
fi
# Samba
if is_this_installed samba
then
print_text_in_color "$ICyan" "Allow Samba"
ufw allow samba comment Samba
fi
# Pi-hole
if pihole &>/dev/null
then
print_text_in_color "$ICyan" "Allow Pi-hole"
ufw allow 53/tcp comment 'Pi-hole TCP'
ufw allow 53/udp comment 'Pi-hole UDP'
ufw allow 8094/tcp comment 'Pi-hole Web'
fi
# PiVPN
if pivpn &>/dev/null
then
print_text_in_color "$ICyan" "Allow PiVPN"
ufw allow 51820/udp comment 'PiVPN'
fi
# Plex
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
print_text_in_color "$ICyan" "Allow Plex"
for port in 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp
do
ufw allow "$port" comment "Plex $port"
done
fi
# Enable firewall
print_text_in_color "$ICyan" "Enable Firewall"
ufw --force enable
msg_box "The Firewall was configured successfully!"
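
Review bot: The rules for Adminer (9443/tcp), Netdata (19999), Talk (3478) and Webmin (10000/tcp) are added unconditionally and from any source, while xrdp, Samba, Pi-hole, PiVPN and Plex are only opened after an installed check. Give the management ports the same guard and limit them to the local network. The rule `ufw allow proto udp from 192.168.0.0/16 comment UPnP` names no port, so it admits every UDP port from that range and not only UPnP; state the port explicitly.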

View File

@ -1,70 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Monitor Link Shares"
SCRIPT_EXPLAINER="This script creates a script which monitors link shares and sends a mail or notification if new link shares were created in Nextcloud."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if the script is already installed
if ! [ -f "$SCRIPTS/audit-link-shares.sh" ]
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Ask for removal or reinstallation
reinstall_remove_menu "$SCRIPT_NAME"
# Removal
rm "$SCRIPTS/audit-link-shares.sh"
crontab -u root -l | grep -v "$SCRIPTS/audit-link-shares.sh" | crontab -u root -
# Show successful uninstall if applicable
removal_popup "$SCRIPT_NAME"
fi
# Create script
cat << MONITOR_LINK_SHARES > "$SCRIPTS/audit-link-shares.sh"
#!/bin/bash
LINK_SHARE="\$(timeout 30m tail -n0 -f "$VMLOGS/audit.log" | grep "has been shared via link")"
if [ -z "\$LINK_SHARE" ]
then
exit
fi
source "$SCRIPTS/fetch_lib.sh"
LINK_SHARE="\$(prettify_json "\$LINK_SHARE")"
FILES_FOLDERS="\$(echo "\$LINK_SHARE" | grep '"message":' | sed 's|.*"message": "||;s| with ID ".*||' | sort | uniq)"
if ! send_mail "Link share was created" "The following files/folders have been shared via link:
\$FILES_FOLDERS\n
See the full log below:
\$LINK_SHARE"
then
notify_admin_gui "Link share was created" "The following files/folders have been shared via link:
\$FILES_FOLDERS"
fi
MONITOR_LINK_SHARES
# Adjust rights
chown root:root "$SCRIPTS/audit-link-shares.sh"
chmod 700 "$SCRIPTS/audit-link-shares.sh"
# Create cronjob
crontab -u root -l | grep -v "$SCRIPTS/audit-link-shares.sh" | crontab -u root -
crontab -u root -l | { cat; echo "*/30 * * * * $SCRIPTS/audit-link-shares.sh >/dev/null" ; } | crontab -u root -
# enable admin_audit app
install_and_enable_app admin_audit
msg_box "$SCRIPT_NAME was successfully configured!
You will get a mail if new link shares were created."
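
Review bot: The generated watcher runs `tail -n0 -f "$VMLOGS/audit.log"` under `timeout 30m` and is restarted by a `*/30` cron entry, so every run starts from the end of the file and anything logged between one tail exiting and the next starting is never reported; `-f` also keeps following the old file if audit.log is rotated during the window. Track the last-read offset (or at least use `tail -F`) so link-share events cannot fall into a gap. `install_and_enable_app admin_audit` runs after the cron job is installed and its result is not checked, yet the success box is shown either way.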

View File

@ -1,27 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Not-supported Menu"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
print_text_in_color "$ICyan" "Running the Not-supported Menu script..."
if network_ok
then
# Delete, download, run
run_script NOT_SUPPORTED_FOLDER not-supported_menu
fi
exit
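
Review bot: When `network_ok` fails, the script falls through to `exit` with status 0 and prints nothing, so the caller cannot tell that the menu never ran. Add an else branch that reports the missing connection and exits non-zero. The comment `# Delete, download, run` describes fetching a script and executing it as root; nothing in these lines verifies the download, so that check has to live in `run_script`.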

View File

@ -1,123 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Not-supported Menu"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Must be root
root_check
# Main menu
choice=$(whiptail --title "$TITLE" --checklist \
"This is the Not-supported Menu of the Nextcloud VM!
Please note that all options that get offered to you are not part of the released version and thus not 100% ready.
So please run them on your own risk. Feedback is more than welcome, though and can get reported here: $ISSUES
Choose which one you want to execute.
$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"BTRFS Format" "(Format drives to BTRFS)" OFF \
"BTRFS Mount" "(Mount BTRFS drives)" OFF \
"BTRFS Veracrypt" "(Format, encrypt and mount Veracrypt BTRFS drives)" OFF \
"NTFS Format" "(Format drives to NTFS)" OFF \
"NTFS Mount" "(Mount NTFS drives)" OFF \
"NTFS Veracrypt" "(Format, encrypt and mount Veracrypt NTFS drives)" OFF \
"Backup Viewer" "(View your Backups)" OFF \
"Daily Backup Wizard" "(Create a Daily Backup script)" OFF \
"Firewall" "(Setting up a firewall)" OFF \
"Harden SSH" "(Harden SSH configuration)" OFF \
"Monitor Link Shares" "(Monitors the creation of link shares)" OFF \
"Off-Shore Backup Wizard" "(Create an Off-Shore Backup script)" OFF \
"Pi-hole" "(Network wide ads- and tracker blocking)" OFF \
"PiVPN" "(Install a Wireguard VPN server with PiVPN)" OFF \
"PLEX Media Server" "(Multimedia server application)" OFF \
"Remotedesktop" "(Install a remotedesktop based on xrdp)" OFF \
"SMB-server" "(Create and manage a SMB-server on OS level)" OFF \
"System Restore" "(Restore the system partition from a backup)" OFF 3>&1 1>&2 2>&3)
case "$choice" in
*"BTRFS Format"*)
print_text_in_color "$ICyan" "Downloading the BTRFS Format script..."
run_script NOT_SUPPORTED_FOLDER btrfs-format
;;&
*"BTRFS Mount"*)
print_text_in_color "$ICyan" "Downloading the BTRFS Mount script..."
run_script NOT_SUPPORTED_FOLDER btrfs-mount
;;&
*"BTRFS Veracrypt"*)
print_text_in_color "$ICyan" "Downloading the Veracrypt script..."
run_script NOT_SUPPORTED_FOLDER veracrypt-btrfs
;;&
*"NTFS Format"*)
print_text_in_color "$ICyan" "Downloading the NTFS Format script..."
run_script NOT_SUPPORTED_FOLDER ntfs-format
;;&
*"NTFS Mount"*)
print_text_in_color "$ICyan" "Downloading the NTFS Mount script..."
run_script NOT_SUPPORTED_FOLDER ntfs-mount
;;&
*"NTFS Veracrypt"*)
print_text_in_color "$ICyan" "Downloading the Veracrypt script..."
run_script NOT_SUPPORTED_FOLDER veracrypt-ntfs
;;&
*"Backup Viewer"*)
print_text_in_color "$ICyan" "Downloading the Daily Backup Viewer script..."
run_script NOT_SUPPORTED_FOLDER backup-viewer
;;&
*"Daily Backup Wizard"*)
print_text_in_color "$ICyan" "Downloading the Daily Backup Wizard script..."
run_script NOT_SUPPORTED_FOLDER daily-backup-wizard
;;&
*"Firewall"*)
print_text_in_color "$ICyan" "Downloading the Firewall script..."
run_script NOT_SUPPORTED_FOLDER firewall
;;&
*"Harden SSH"*)
print_text_in_color "$ICyan" "Downloading the Harden SSH script..."
run_script ADDONS harden-ssh
;;&
*"Monitor Link Shares"*)
print_text_in_color "$ICyan" "Monitor Link Shares..."
run_script NOT_SUPPORTED_FOLDER monitor-link-shares
;;&
*"Off-Shore Backup Wizard"*)
print_text_in_color "$ICyan" "Downloading the Off-Shore Backup Wizard script..."
run_script NOT_SUPPORTED_FOLDER offshore-backup-wizard
;;&
*"Pi-hole"*)
print_text_in_color "$ICyan" "Downloading the Pi-hole script..."
run_script NOT_SUPPORTED_FOLDER pi-hole
;;&
*"PiVPN"*)
print_text_in_color "$ICyan" "Downloading the PiVPN script..."
run_script NOT_SUPPORTED_FOLDER pivpn
;;&
*"PLEX Media Server"*)
print_text_in_color "$ICyan" "Downloading the PLEX Media Server script..."
run_script NOT_SUPPORTED_FOLDER plexmediaserver
;;&
*"Remotedesktop"*)
print_text_in_color "$ICyan" "Downloading the Remotedesktop script..."
run_script NOT_SUPPORTED_FOLDER remotedesktop
;;&
*"SMB-server"*)
print_text_in_color "$ICyan" "Downloading the SMB Server script..."
run_script NOT_SUPPORTED_FOLDER smbserver
;;&
*"System Restore"*)
print_text_in_color "$ICyan" "Downloading the System Restore script..."
run_script NOT_SUPPORTED_FOLDER system-restore
;;&
*)
;;
esac
exit
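
Review bot: Every arm of the `case` ends in `;;&`, so all ticked entries run back to back, and the exit status of each `run_script` call is ignored. A user who ticks both "BTRFS Format" and "BTRFS Mount" gets the mount script even when formatting failed or was cancelled, and destructive entries such as the format scripts and "System Restore" share one checklist with harmless ones. Stop on the first failing script, or move the destructive options into a single-choice menu. The status text for "Monitor Link Shares" also lacks the "Downloading the ... script" wording used by the other arms.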

View File

@ -1,151 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="NTFS Mount"
SCRIPT_EXPLAINER="This script automates formatting drives to NTFS."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
# Mount drive
format_drive() {
local UUID
local LABEL
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
return 1
fi
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the drive that you would like to format to NTFS.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}')
args+=("/dev/$drive" " $DRIVE_DESCRIPTION")
done
# Show the drive menu
DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$DEVICE" ]
then
return 1
fi
# Enter partition label
while :
do
LABEL="$(input_box_flow "Please enter the partition label that the drive shall get.
If you want to cancel, type in 'exit' and press [ENTER].")"
if [ "$LABEL" = exit ]
then
return 1
else
break
fi
done
# Last info box
if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' to NTFS?
All current files on the drive will be erased!
Select 'Yes' to continue with the process. Select 'No' to cancel."
then
exit 1
fi
# Inform user
msg_box "We will now format the drive '$DEVICE' to NTFS. Please be patient!"
# Wipe drive
dd if=/dev/urandom of="$DEVICE" bs=1M count=2
parted "$DEVICE" mklabel gpt --script
parted "$DEVICE" mkpart primary 0% 100% --script
parted "$DEVICE" set 1 msftdata on --script
# Wait because mkfs fails otherwise
sleep 1
# Format drive
if ! mkfs.ntfs --quick "${DEVICE}1" --label "$LABEL"
then
msg_box "Something failed while formatting the drive to NTFS."
exit 1
fi
# Inform user
msg_box "Formatting $DEVICE to NTFS was successful!
You can now use the 'NTFS Mount' script from the Not-Supported Menu to mount the drive to your system."
}
# Show main_menu
while :
do
choice=$(whiptail --title "$TITLE" --menu \
"Choose what you want to do.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Format a drive" "(Interactively format a drive to NTFS)" \
"Exit" "(Exit this script)" 3>&1 1>&2 2>&3)
case "$choice" in
"Format a drive")
format_drive
;;
"Exit")
break
;;
"")
break
;;
*)
;;
esac
done
exit
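
Review bot: `mkfs.ntfs --quick "${DEVICE}1"` assumes the first partition is the disk name plus `1`, which holds for /dev/sdX but not for devices named like nvme0n1 or mmcblk0, whose partitions carry a `p` before the number; by that point `dd` and `parted mklabel` have already wiped the disk. Resolve the partition node from `lsblk` after `parted` instead of building it by concatenation. The filter `grep -v "^$drive"` lacks the trailing `$`, so an existing `sda` also hides a new `sdaa`, and the detection loop treats a removed disk as "A new drive was found" because it only compares the two lists for inequality. `SCRIPT_NAME="NTFS Mount"` and the `# Mount drive` comment are left over from the mount script.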

View File

@ -1,254 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="NTFS Mount"
SCRIPT_EXPLAINER="This script automates mounting NTFS drives locally in your system."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
# Mount drive
mount_drive() {
local UUIDS
local UUID
local LABEL
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
return 1
fi
# Wait until the drive has spin up
countdown "Waiting for the drive to spin up..." 15
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the partition that you would like to mount.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important to show the partition menu
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}')
PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ")
unset PARTITIONS
mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')"
for partition in "${PARTITIONS[@]}"
do
STATS=$(echo "$PARTITION_STATS" | grep "^$partition ")
FSTYPE=$(echo "$STATS" | awk '{print $2}')
if [ "$FSTYPE" != "ntfs" ]
then
continue
fi
SIZE=$(echo "$STATS" | awk '{print $3}')
UUID=$(echo "$STATS" | awk '{print $4}')
if [ -z "$UUID" ]
then
continue
fi
LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||')
if ! grep -q "$UUID" /etc/fstab
then
args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE")
UUIDS+="$UUID"
else
msg_box "The partition
$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE
is already existing.\n
If you want to remove it, run the following two commands:
sudo sed -i '/$UUID/d' /etc/fstab
sudo reboot"
fi
done
done
# Check if at least one drive was found
if [ -z "$UUIDS" ]
then
msg_box "No drive found that can get mounted.
Most likely none is NTFS formatted."
return 1
fi
# Show the partition menu
UUID=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$UUID" ]
then
return 1
fi
# Get the label of the partition
LABEL=$(lsblk -o UUID,LABEL | grep "^$UUID " | awk '{print $2,$3,$4,$5,$6,$7,$8,$9}' | sed 's| |_|g' | sed -r 's|[_]+$||')
if [ -z "$LABEL" ]
then
LABEL="partition-label"
fi
# Create plex user
if ! id plex &>/dev/null
then
check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex"
fi
# Enter the mountpoint
while :
do
MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition.
One example is: '/mnt/$LABEL'
The directory has to start with '/mnt/'
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$MOUNT_PATH" = "exit" ]
then
exit 1
elif echo "$MOUNT_PATH" | grep -q " "
then
msg_box "Please don't use spaces!"
elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/"
then
msg_box "The directory has to stat with '/mnt/'"
elif grep -q " $MOUNT_PATH " /etc/fstab
then
msg_box "The mountpoint already exists in fstab. Please try a different one."
elif mountpoint -q "$MOUNT_PATH"
then
msg_box "The mountpoint is already mounted. Please try a different one."
elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata"
then
msg_box "The directory isn't allowed to start with '/mnt/ncdata'"
elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares"
then
msg_box "The directory isn't allowed to start with '/mnt/smbshares'"
else
echo "UUID=$UUID $MOUNT_PATH ntfs-3g \
windows_names,uid=plex,gid=plex,umask=007,nofail 0 0" >> /etc/fstab
mkdir -p "$MOUNT_PATH"
if ! mount "$MOUNT_PATH"
then
msg_box "The mount wasn't successful. Please try again."
sed -i "/$UUID/d" /etc/fstab
else
break
fi
fi
done
# Inform the user
msg_box "Congratulations! The mount was successful.
You can now access the partition here:
$MOUNT_PATH"
# Ask if this is a backup drive
if ! yesno_box_no "Is this drive meant to be a backup drive?
If you choose yes, it will only get mounted by a backup script \
and will restrict the read/write permissions to the root user."
then
# Test if Plex is installed
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
# Reconfiguring Plex
msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive.
This can take a while. Please be patient!"
print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..."
docker pull assaflavie/runlike
echo '#/bin/bash' > /tmp/pms-conf
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf
if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf
then
MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}"
sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf
docker stop plex
if ! docker rm plex
then
msg_box "Something failed while removing the old container."
return
fi
if ! bash /tmp/pms-conf
then
msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'"
return
fi
rm /tmp/pms-conf
msg_box "Plex was adjusted!"
else
rm /tmp/pms-conf
msg_box "No need to update Plex, since the drive is already mounted to Plex."
fi
fi
return
fi
# Execute the change to a backup drive
umount "$MOUNT_PATH"
sed -i "/$UUID/d" /etc/fstab
echo "UUID=$UUID $MOUNT_PATH ntfs-3g windows_names,uid=root,gid=root,umask=177,nofail,noauto 0 0" >> /etc/fstab
msg_box "Your Backup drive is ready."
}
# Show main_menu
while :
do
choice=$(whiptail --title "$TITLE" --menu \
"Choose what you want to do.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Mount a drive" "(Interactively mount a NTFS drive)" \
"Exit" "(Exit this script)" 3>&1 1>&2 2>&3)
case "$choice" in
"Mount a drive")
mount_drive
;;
"Exit")
break
;;
"")
break
;;
*)
;;
esac
done
exit
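Review bot: Deleting the NTFS Mount script leaves no documented cleanup for what `mount_drive` has already written on systems that ran it: the `UUID=... ntfs-3g ...` lines appended to /etc/fstab (either the `uid=plex,gid=plex,umask=007,nofail` form or the root-only `umask=177,nofail,noauto` backup form) and the `plex` account created with `adduser --no-create-home`. The only removal hint was the in-script dialog (`sudo sed -i '/$UUID/d' /etc/fstab`), which disappears with the file. Suggest stating in the commit message or changelog that these entries persist and how to remove them, since the commit message does not say the feature itself is being dropped.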

View File

@ -1,344 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Off-Shore Backup Wizard"
SCRIPT_EXPLAINER="This script helps creating an off-shore backup script for your server."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
BACKUP_SCRIPT_NAME="$SCRIPTS/off-shore-rsync-backup.sh"
DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh"
# Functions
mount_if_connected() {
umount "$1" &>/dev/null
mount "$1" &>/dev/null
if ! mountpoint -q "$1"
then
return 1
fi
return 0
}
# Ask for execution
msg_box "$SCRIPT_EXPLAINER"
if ! yesno_box_yes "Do you want to create an off-shore backup script?"
then
exit
fi
# Before starting check if the requirements are met
if [ -f "$BACKUP_SCRIPT_NAME" ]
then
msg_box "The off-shore backup script already exists.
Please rename or delete $BACKUP_SCRIPT_NAME if you want to reconfigure the backup."
exit 1
fi
# Before starting check if the requirements are met
if ! [ -f "$DAILY_BACKUP_FILE" ]
then
msg_box "The daily backup doesn't exist.
Please create the daily backup script first by running the 'Daily Backup Wizard' from the 'Not-Supported Menu'"
exit 1
fi
# Check if pending snapshot is existing and cancel the setup in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "It seems to be currently running a backup or update.
Cannot set up the off-shore backup now. Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
elif does_snapshot_exist "NcVM-startup"
then
msg_box "Please run the update script once before you can continue."
exit 1
fi
# Check if snapshot/free space exists
check_free_space
if ! does_snapshot_exist "NcVM-snapshot" && ! [ "$FREE_SPACE" -ge 50 ]
then
msg_box "Unfortunately you have not enough free space on your vgs to \
create a LVM-snapshot which is a requirement to create a backup script."
exit 1
fi
# Get backup mountpoint from daily-borg-backup.sh
DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"$||')"
DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"$||')"
DAILY_BACKUP_DIFFERENCE="${DAILY_BACKUP_TARGET##"$DAILY_BACKUP_MOUNTPOINT"}"
if [ -z "$DAILY_BACKUP_MOUNTPOINT" ] || [ -z "$DAILY_BACKUP_TARGET" ] || [ -z "$DAILY_BACKUP_DIFFERENCE" ]
then
msg_box "One needed variable from daily-borg-backup.sh is empty.
This is false."
exit 1
fi
if [ "$DAILY_BACKUP_MOUNTPOINT" = "$DAILY_BACKUP_TARGET" ]
then
msg_box "Daily backup mountpoint and target are the same which is wrong."
exit 1
fi
if ! grep -q " $DAILY_BACKUP_MOUNTPOINT " /etc/fstab
then
msg_box "Couldn't find the daily backup drive in fstab. This is wrong."
exit 1
fi
# Check if backup drives existing
BACKUP_MOUNTS="$(grep "ntfs-3g" /etc/fstab | grep "windows_names" | grep "uid=root" \
| grep "gid=root" | grep "umask=177" | grep "noauto" | awk '{print $2}')"
BACKUP_MOUNTS+="\n"
BACKUP_MOUNTS+="$(grep cifs /etc/fstab | grep "uid=root" | grep "gid=root" \
| grep "file_mode=0600" | grep "dir_mode=0600" | grep "noauto" | awk '{print $2}')"
BACKUP_MOUNTS+="\n"
BACKUP_MOUNTS+="$(grep btrfs /etc/fstab | grep ",noauto" | awk '{print $2}')"
if [ "$BACKUP_MOUNTS" = "\n\n" ]
then
msg_box "No backup drive found that can be used as off-shore backup target.
Please mount one with the SMB Mount script from the Additional Apps Menu \
or with the BTRFS Mount script or NTFS Mount script from the Not-Supported Menu."
exit 1
fi
BACKUP_MOUNTS="$(echo -e "$BACKUP_MOUNTS" | grep -v "$DAILY_BACKUP_MOUNTPOINT")"
mapfile -t BACKUP_MOUNTS <<< "$BACKUP_MOUNTS"
for drive in "${BACKUP_MOUNTS[@]}"
do
if ! mount_if_connected "$drive"
then
continue
fi
BACKUP_DRIVES+=("$drive")
umount "$drive"
done
if [ -z "${BACKUP_DRIVES[*]}" ]
then
msg_box "No backup drive found that is currently connected.
Please connect it to your server before you can continue."
exit 1
else
msg_box "At least one backup drive found. Please leave it connected."
fi
# Test sending of mails
if ! send_mail "Testmail" \
"This is a testmail to test if the server can send mails which is needed for the 'Off-Shore Backup Wizard'."
then
msg_box "The server is not configured to send mails.
Please do that first by running the SMTP-Mail script from the Server Configuration Menu."
exit 1
fi
# Backup drive menu
args=(whiptail --title "$TITLE" --menu \
"Please select the backup drive that you want to use.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get all backup drives
for drive in "${BACKUP_DRIVES[@]}"
do
if ! mount_if_connected "$drive"
then
continue
fi
args+=("$drive" "")
CONNECTED_DRIVES+="$drive"
umount "$drive"
done
# Show backup drive menu
if [ -n "$CONNECTED_DRIVES" ]
then
selected_options=$("${args[@]}" 3>&1 1>&2 2>&3)
else
msg_box "No backup drive connected.
Hence, unable to continue."
exit 1
fi
# Cancel if nothing chosen
if [ -z "$selected_options" ]
then
msg_box "No backup drive chosen. Hence exiting."
exit 1
else
BACKUP_TARGET_DIRECTORY="${selected_options%%/}"
# Mount the backup drive
check_command mount "$BACKUP_TARGET_DIRECTORY"
BACKUP_MOUNT="$BACKUP_TARGET_DIRECTORY"
fi
# Ask if default directory shall get used
if yesno_box_yes "Do you want to use the recommended backup directory which is:
'$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE'?"
then
if [ -d "$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE" ] && ! rm -d "$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE"
then
msg_box "The directory '$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE' exists and cannot be used.
Please choose a custom one."
CUSTOM_DIRECTORY=1
else
BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE"
fi
else
CUSTOM_DIRECTORY=1
fi
# Choose custom backup directory
if [ -n "$CUSTOM_DIRECTORY" ]
then
while :
do
SELECTED_DIRECTORY=$(input_box_flow "Please type in the directory that you want to use as backup directory.
It has to start with '$BACKUP_TARGET_DIRECTORY/'.
Recommended is '$BACKUP_TARGET_DIRECTORY$DAILY_BACKUP_DIFFERENCE'
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$SELECTED_DIRECTORY" = "exit" ]
then
exit 1
elif echo "$SELECTED_DIRECTORY" | grep -q " "
then
msg_box "Please don't use spaces."
elif ! echo "$SELECTED_DIRECTORY" | grep -q "^$BACKUP_TARGET_DIRECTORY/"
then
msg_box "The backup directory has to start with '$BACKUP_TARGET_DIRECTORY/'. Please try again."
elif [ -d "$SELECTED_DIRECTORY" ] && ! rm -d "$SELECTED_DIRECTORY"
then
msg_box "This directory already exists. Please try again."
else
if ! mkdir -p "$SELECTED_DIRECTORY"
then
msg_box "Couldn't create the directory. Please try again."
rm -d "$SELECTED_DIRECTORY"
else
rm -d "$SELECTED_DIRECTORY"
BACKUP_TARGET_DIRECTORY="$SELECTED_DIRECTORY"
break
fi
fi
done
fi
# Create the folder and unmount the backup drive since no longer needed
mkdir -p "$BACKUP_TARGET_DIRECTORY"
check_command umount "$BACKUP_MOUNT"
# Ask when the daily backup shall run
if yesno_box_yes "Do you want to run the off-shore backup every 90 days, which is recommended?"
then
BACKUP_DAYS="90"
else
while :
do
BACKUP_DAYS=$(input_box_flow "Please enter how many days shall pass until the next off-shore backup shall get created.
Recommended are 90 days.
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$BACKUP_DAYS" = "exit" ]
then
exit 1
elif ! check_if_number "$BACKUP_DAYS"
then
msg_box "The value you entered doesn't seem to be a number, please enter a valid number."
elif ! [ "$BACKUP_DAYS" -gt 1 ]
then
msg_box "The number of days has to be at least equal or more than 2 days."
else
break
fi
done
fi
# Install needed tools
msg_box "We will create the off-shore backup script now."
# Write beginning of the script
cat << WRITE_BACKUP_SCRIPT > "$BACKUP_SCRIPT_NAME"
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Off-Shore Rsync Backup"
SCRIPT_EXPLAINER="This script executes the off-shore rsync backup."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Local Variables
BACKUP_INTERVAL_DAYS=$BACKUP_DAYS
DAYS_SINCE_LAST_BACKUP=$BACKUP_DAYS
# Export Variables
export BACKUP_TARGET_DIRECTORY="$BACKUP_TARGET_DIRECTORY"
export BACKUP_MOUNTPOINT="$BACKUP_MOUNT"
export RSYNC_BACKUP_LOG="$VMLOGS/rsyncbackup.log"
export BACKUP_SOURCE_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT"
export BACKUP_SOURCE_DIRECTORY="$DAILY_BACKUP_TARGET"
# Test if backup shall run
if [ "\$DAYS_SINCE_LAST_BACKUP" -lt "\$BACKUP_INTERVAL_DAYS" ]
then
DAYS_SINCE_LAST_BACKUP=\$((DAYS_SINCE_LAST_BACKUP+1))
sed -i "s|^DAYS_SINCE_LAST_BACKUP.*|DAYS_SINCE_LAST_BACKUP=\$DAYS_SINCE_LAST_BACKUP|" "\$BASH_SOURCE"
echo "Not yet enough days over to make the next off-shore backup \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG"
print_text_in_color "\$ICyan" "Not yet enough days over to make the next off-shore backup"
# Test if backup drive is still connected
umount "\$BACKUP_MOUNTPOINT" &>/dev/null
mount "\$BACKUP_MOUNTPOINT" &>/dev/null
if mountpoint -q "\$BACKUP_MOUNTPOINT" && ! grep "\$BACKUP_MOUNTPOINT" /etc/fstab | grep -q " cifs "
then
if ! send_mail "Off-shore Backup drive still connected!" \
"It seems like the Off-shore Backup drive ist still connected.
Please disconnect it from your server and store it somewhere safe outside your home!"
then
notify_admin_gui "Off-shore Backup drive still connected!" \
"It seems like the Off-shore Backup drive ist still connected.
Please disconnect it from your server and store it somewhere safe outside your home!"
fi
fi
umount "\$BACKUP_MOUNTPOINT" &>/dev/null
exit
fi
# Execute backup
if network_ok
then
echo "Executing \$SCRIPT_NAME. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG"
run_script NOT_SUPPORTED_FOLDER rsyncbackup
else
echo "Unable to execute \$SCRIPT_NAME. No network connection. \$(date +%Y-%m-%d_%H-%M-%S)" >> "\$RSYNC_BACKUP_LOG"
notify_admin_gui "Unable to execute \$SCRIPT_NAME." "No network connection."
fi
WRITE_BACKUP_SCRIPT
# Secure the file
chown root:root "$BACKUP_SCRIPT_NAME"
chmod 700 "$BACKUP_SCRIPT_NAME"
# Create fstab entry
crontab -u root -l | grep -v "$BACKUP_SCRIPT_NAME" | crontab -u root -
crontab -u root -l | { cat; echo "0 20 * * * $BACKUP_SCRIPT_NAME > /dev/null 2>&1" ; } | crontab -u root -
# Inform user
msg_box "The off-shore backup script was successfully created!
It is located here: '$BACKUP_SCRIPT_NAME'\n
The first backup will run at 20.00h, if the first daily backup has been created until then."
exit
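Review bot: Missing migration note for installs that already ran this wizard: the heredoc writes `$SCRIPTS/off-shore-rsync-backup.sh` and the closing lines register it in root's crontab (`0 20 * * * ... > /dev/null 2>&1`), and neither is touched by deleting the wizard. The generated script sources /var/scripts/fetch_lib.sh and calls `run_script NOT_SUPPORTED_FOLDER rsyncbackup` at run time, so if `rsyncbackup` is among the files removed in this commit, the nightly job will start failing with its output discarded. Please confirm that script stays available, or document removing the cron line and the generated file.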

View File

@ -1,499 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
# shellcheck disable=2016,2034,2059,2178
true
SCRIPT_NAME="Pi-hole"
SCRIPT_EXPLAINER="The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, \
without installing any client-side software.
This is their official website: https://pi-hole.net"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if already installed
if ! pihole &>/dev/null
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Choose to uninstall
if ! yesno_box_no "It seems like Pi-hole is already installed.
Do you want to uninstall Pi-hole and reset all its settings?"
then
exit 1
fi
# Check if PiVPN is installed
if pivpn &>/dev/null
then
msg_box "It seems like PiVPN is installed.
We recommend urgently to uninstall PiVPN before uninstalling Pi-hole \
because it could happen, that PiVPN doesn't work anymore after uninstalling Pi-hole."
exit 1
fi
# Warning
msg_box "Warning!
Uninstalling Pi-hole will reset all its config and will reboot your NcVM afterwards automatically."
# Last choice
if ! yesno_box_no "Do you want to continue nonetheless?"
then
exit 1
fi
# Get initially installed programs from pihole-update.sh
INSTALLED=$(grep "Pi-hole installed programs=" "$SCRIPTS/pihole-update.sh")
INSTALLED="${INSTALLED##*programs=}"
# Inform the user
if ! yesno_box_yes "These are all packets that where installed during your initial Pi-hole installation:
$INSTALLED
Do they look correct to you? If not, you can press 'no' and we will not remove anything.
If you press 'yes', we will remove Pi-hole, its settings and all those listed programs."
then
exit 1
fi
# Make an array from installed applications
read -r -a INSTALLED <<< "$INSTALLED"
UNINSTALL="/etc/.pihole/automated install/uninstall.sh"
# Uninstall pihole; we need to modify it, else it is not unattended
if ! [ -f "$UNINSTALL" ] || ! grep -q "######### SCRIPT ###########" "$UNINSTALL" || ! grep -q "removeNoPurge()" "$UNINSTALL"
then
msg_box "It seems like some uninstall functions changed.
Please report this to $ISSUES"
exit 1
fi
# Continue with preparation
check_command cp "/etc/.pihole/automated install/uninstall.sh" "$SCRIPTS"/pihole-uninstall.sh
check_command sed -i '/######### SCRIPT ###########/q' "$SCRIPTS"/pihole-uninstall.sh
check_command echo "removeNoPurge" >> "$SCRIPTS"/pihole-uninstall.sh
# Uninstall Pi-hole
check_command yes | bash "$SCRIPTS"/pihole-uninstall.sh
# Remove the file and crontab
crontab -u root -l | grep -v "pihole-update.sh" | crontab -u root -
check_command rm "$SCRIPTS"/pihole-uninstall.sh
# Delete the pihole user
if id pihole &>/dev/null
then
check_command killall -u pihole
check_command deluser pihole &>/dev/null
check_command groupdel pihole
fi
# Delete all its config data
rm -rf /etc/.pihole
rm -rf /etc/pihole
rm -rf /opt/pihole
rm -rf /usr/bin/pihole-FTL
rm -rf /usr/local/bin/pihole
rm -rf /var/www/html/admin
rm -f /var/www/html/pihole
# Delete unbound config
crontab -u root -l | grep -v "systemctl restart unbound" | crontab -u root -
rm /etc/unbound/unbound.conf.d/pi-hole.conf
# Remove update script
rm -f "$SCRIPTS/pihole-update.sh"
# Remove all initially installed applications
for program in "${INSTALLED[@]}"
do
apt-get purge "$program" -y
done
# Remove unbound
if is_this_installed unbound
then
apt-get purge unbound -y
fi
# Remove not needed dependencies
apt-get autoremove -y
# Delete other files
rm -f /var/www/html/index.lighttpd.orig
rm -rf /etc/lighttpd
# Remove apache conf
a2dissite pihole.conf &>/dev/null
rm -f "$SITES_AVAILABLE/pihole.conf"
restart_webserver
# Delete firewall entry
ufw delete allow 53/tcp &>/dev/null
ufw delete allow 53/udp &>/dev/null
ufw delete allow 8094/tcp &>/dev/null
# Inform the user
msg_box "Pi-hole was successfully uninstalled!
Please reset the DNS on your router/clients to restore internet connectivity"
msg_box "After you hit OK, your NcVM will get restarted."
rm -f "$SCRIPTS/pi-hole.sh"
# Reboot the NcVM because it would cause problems if not
reboot
fi
# Inform the user
msg_box "Before installing the Pi-hole, please make sure that you have a backup of your NcVM.
The reason is, that to install the Pi-hole we will need to run a 3rd party script on your NcVM.
Something could go wrong. So please keep backups!"
# Ask if backups are ready
if ! yesno_box_no "Have you made a backup of your NcVM?
This is the last possibility to quit!
If you choose 'yes' we will continue with the installtion."
then
exit 1
fi
# Inform the user
print_text_in_color "$ICyan" "Installing Pi-hole..."
# Download the script
mkdir -p "$SCRIPTS"
check_command curl -sfL https://install.pi-hole.net -o "$SCRIPTS"/pihole-install.sh
# Check that all patterns match
if ! grep -q 'displayFinalMessage "${pw}"' "$SCRIPTS"/pihole-install.sh || ! grep -q "setAdminFlag$" "$SCRIPTS"/pihole-install.sh \
|| ! grep -q "chooseInterface$" "$SCRIPTS"/pihole-install.sh || ! grep -q "getStaticIPv4Settings$" "$SCRIPTS"/pihole-install.sh
then
msg_box "It seems like some functions in pihole-install.sh have changed.
Please report this to $ISSUES"
exit 1
fi
# Continue with the process
sed -i 's|displayFinalMessage "${pw}"|echo displayFinalMessage|' "$SCRIPTS"/pihole-install.sh # We don't want to display the final message
sed -i "s|setAdminFlag$|echo setAdminFlag|" "$SCRIPTS"/pihole-install.sh # We want to install the web-interface and lighttpd
sed -i "s|chooseInterface$|echo chooseInterface|" "$SCRIPTS"/pihole-install.sh # We don't want the user choose the interface
sed -i "s|getStaticIPv4Settings$|echo getStaticIPv4Settings|" "$SCRIPTS"/pihole-install.sh # We don't want to set a static ip4
# Export default values
PIHOLE_INTERFACE="$IFACE"
export PIHOLE_INTERFACE
# Fix php versions getting hold for pi-hole install script
apt-mark unhold php"$PHPVER"*
# Run the script
bash "$SCRIPTS"/pihole-install.sh | tee "$SCRIPTS"/pihole-install.report
# Get all installed and remove pihole-install.sh
unset INSTALLED
INSTALLED=$(grep "Checking for" "$SCRIPTS"/pihole-install.report | grep "will be installed" | awk '{print $8}')
check_command rm "$SCRIPTS"/pihole-install.sh
check_command rm "$SCRIPTS"/pihole-install.report
# Check if at least one app got installed
if [ -z "${INSTALLED[*]}" ]
then
msg_bos "Something is wrong. Didn't expect that no requirement get installed.
Please report this to $ISSUES"
fi
# Make an array from installed applications
mapfile -t INSTALLED <<< "${INSTALLED[@]}"
# Create update script
mkdir -p "$SCRIPTS"
# Insert the new lines into pihole-update.sh
cat << PIHOLE_UPDATE > "$SCRIPTS/pihole-update.sh"
#!/bin/bash
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
notify_admin_gui "Starting the Pi-hole update." "You will be notified when it is done."
# Create backup first
if [ -f "\$SCRIPTS/daily-borg-backup.sh" ]
then
rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL
export SKIP_DAILY_BACKUP_CHECK=1
bash "\$SCRIPTS/daily-borg-backup.sh"
if ! [ -f "/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL" ]
then
notify_admin_gui "Pi-hole update failed because backup could not be created!" \
"Could not create a backup! \$(date +%T)"
exit 1
fi
fi
check_command pihole -up
systemctl stop lighttpd
check_command sed -i 's|^server\.port.*|server\.port = 8093|' /etc/lighttpd/lighttpd.conf
sleep 10 # Wait for lighttpd
check_command systemctl start lighttpd
# Please don't remove or change this line! Pi-hole installed programs=${INSTALLED[@]}
notify_admin_gui "Pi-hole update successful!" ""
PIHOLE_UPDATE
# Secure the file
chown root:root "$SCRIPTS/pihole-update.sh"
chmod 700 "$SCRIPTS/pihole-update.sh"
# Check if Pi-hole was successfully installed
if ! pihole &>/dev/null
then
msg_box "Something got wrong during pihole-install.sh
Please report this to $ISSUES"
exit 1
fi
# Set up REV_SERVER for local DNS entries because Pi-hole isn't the DHCP server and some other settings
if [ -f /etc/pihole/setupVars.conf ] && ! grep -q "REV_SERVER" /etc/pihole/setupVars.conf
then
cat << PIHOLE_CONF >> /etc/pihole/setupVars.conf
REV_SERVER=true
REV_SERVER_CIDR=$(ip route | grep -v "default via" | grep "$IFACE" | awk '{print $1}' | grep "/")
REV_SERVER_TARGET=$GATEWAY
REV_SERVER_DOMAIN=
PIHOLE_CONF
fi
# Make sure that local DNS entries work
if [ -f /etc/pihole/setupVars.conf ] && ! grep -q "DNS_FQDN_REQUIRED" /etc/pihole/setupVars.conf && ! grep -q "DNS_BOGUS_PRIV" /etc/pihole/setupVars.conf
then
cat << PIHOLE_CONF >> /etc/pihole/setupVars.conf
DNS_FQDN_REQUIRED=false
DNS_BOGUS_PRIV=false
PIHOLE_CONF
fi
# Wait for pihole to restart
print_text_in_color "$ICyan" "Restarting pihole..."
sleep 5
# Try to restart Pi-hole to apply the new settings
if ! pihole restartdns
then
msg_box "Something got wrong during the Pi-hole restart.
Please report this to $ISSUES"
exit 1
fi
# Change the port to 8093
check_command sudo sed -i '/^server.port/s/80/8093/' /etc/lighttpd/lighttpd.conf
# Wait for lighttpd to startup
print_text_in_color "$ICyan" "Restarting lighttpd..."
sleep 5
# Restart lighttpd
if ! systemctl restart lighttpd
then
msg_box "Couldn't restart lighttpd.
Please report this to $ISSUES"
exit 1
fi
# Install Apache2
print_text_in_color "$ICyan" "Configuring Apache..."
install_if_not apache2
a2enmod headers
a2enmod rewrite
a2enmod ssl
a2enmod proxy
a2enmod proxy_http
# Only add TLS 1.3 on Ubuntu later than 22.04
if version 22.04 "$DISTRO" 24.04.10
then
TLS13="+TLSv1.3"
fi
cat << PIHOLE_CONF > "$SITES_AVAILABLE/pihole.conf"
Listen 8094
<VirtualHost *:8094>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
# Intermediate configuration
SSLEngine on
SSLCompression off
SSLProtocol -all +TLSv1.2 $TLS13
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
ServerSignature off
# Logs
LogLevel warn
CustomLog \${APACHE_LOG_DIR}/access.log combined
ErrorLog \${APACHE_LOG_DIR}/error.log
# Just in case - see below
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyCheckPeerName Off
# This is needed to redirect access on http://$ADDRESS:8094/ to https://$ADDRESS:8094/
ErrorDocument 400 https://$ADDRESS:8094/admin/
# basic proxy settings
ProxyRequests off
ProxyPass / "http://127.0.0.1:8093/"
ProxyPassReverse / "http://127.0.0.1:8093/"
ProxyPreserveHost On
### LOCATION OF CERT FILES ###
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
PIHOLE_CONF
# Enable config
check_command a2ensite pihole.conf
# Restart webserver
if ! restart_webserver
then
msg_box "Apache2 could not restart...
The script will exit."
exit 1
fi
# Generate new Pi-hole password
PASSWORD=$(gen_passwd 12 "a-zA-Z0-9")
# Set a new admin password
check_command pihole -a -p "$PASSWORD"
# Get the ipv6-address from the config file
IPV6_ADDRESS=$(grep "IPV6_ADDRESS=" /etc/pihole/setupVars.conf)
IPV6_ADDRESS="${IPV6_ADDRESS##*IPV6_ADDRESS=}"
# Create contab entry
crontab -u root -l | grep -v "pihole-update.sh" | crontab -u root -
crontab -u root -l | { cat; echo "30 19 * * 6 $SCRIPTS/pihole-update.sh >/dev/null" ; } | crontab -u root -
# Add firewall entry
ufw allow 53/tcp comment 'Pi-hole TCP' &>/dev/null
ufw allow 53/udp comment 'Pi-hole UDP' &>/dev/null
ufw allow 8094/tcp comment 'Pi-hole Web' &>/dev/null
# Show that everything was set up correctly
msg_box "Congratulations, your Pi-hole was set up correctly!
It is now reachable on:
https://$ADDRESS:8094/admin
Your password is: $PASSWORD"
# Show the address
msg_box "You can now configure your devices to use the Pi-hole as their DNS server using:
IPv4: $ADDRESS
IPv6: ${IPV6_ADDRESS:-Not Configured}"
# Show how to use pihole in the command line
msg_box "How to use Pi-hole on the command line:
You can reset the Pi-hole admin password by running:
'pihole -a -p'
A list of available options is shown by running:
'pihole -h'"
# Inform about updates
msg_box "Concerning updates:
We have created an update script that you can use to update your Pi-hole by running:
'bash $SCRIPTS/pihole-update.sh'
Updates will automatically be executed every saturday at 19:30"
# Ask if the user wants to install unbound
if ! yesno_box_yes "Do you want to enables your Pi-hole to be a recursive DNS server?
If you press 'yes', we will install unbound and configure your Pi-hole to use that."
then
exit
fi
# Install needed tools
install_if_not unbound
cat << UNBOUND_CONF > /etc/unbound/unbound.conf.d/pi-hole.conf
server:
# To see what those variables do, look here:
# https://docs.pi-hole.net/guides/unbound/
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: no
prefer-ip6: no
harden-glue: yes
harden-dnssec-stripped: yes
use-caps-for-id: no
edns-buffer-size: 1472
prefetch: yes
num-threads: 1
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
UNBOUND_CONF
# Wait for unbound to restart
print_text_in_color "$ICyan" "Restarting unbound..."
sleep 10 & spinner_loading
# Restart unbound
check_command service unbound restart
# Testing DNSSEC
if ! dig sigfail.verteiltesysteme.net @127.0.0.1 -p 5335 | grep -q "SERVFAIL"
then
msg_box "Something got wrong while testing SERVFAIL.
Please report this to $ISSUES"
elif ! dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335 | grep -q "NOERROR"
then
msg_box "Something got wrong while testing NOERROR.
Please report this to $ISSUES"
fi
# Set up Pi-hole
sed -i 's|^PIHOLE_DNS_1=.*|PIHOLE_DNS_1=127.0.0.1#5335|' /etc/pihole/setupVars.conf
sed -i '/^PIHOLE_DNS_2=.*/d' /etc/pihole/setupVars.conf
# Wait for pihole to restart
print_text_in_color "$ICyan" "Restarting pihole..."
sleep 5
# Try to restart Pi-hole to apply the new settings
if ! pihole restartdns
then
msg_box "Something got wrong during the Pi-hole unbound restart.
Please report this to $ISSUES"
exit 1
fi
# Fix dns disconnections
crontab -u root -l | grep -v "systemctl restart unbound" | crontab -u root -
crontab -u root -l | { cat; echo "@hourly systemctl restart unbound" ; } | crontab -u root -
# Inform the user
msg_box "Congratulations!
Unbound was successfully installed and Pi-hole was successfully configured as recursive DNS server."
exit
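Review bot: Removing this script strands existing Pi-hole installs, because the same file is the only uninstall path: the branch at the top is what deletes the `pihole-update.sh` cron entry, the `pihole.conf` Apache site, the unbound drop-in and the ufw rules for 53/tcp, 53/udp and 8094/tcp. After this deletion the generated `pihole-update.sh` stays in root's crontab (`30 19 * * 6`) and keeps sourcing lib.sh from raw.githubusercontent.com/nextcloud/vm/main on every run, and the `@hourly systemctl restart unbound` entry stays too. Suggest either keeping an uninstall-only script or documenting the manual removal steps alongside this deletion.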

View File

@ -1,280 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="PiVPN"
SCRIPT_EXPLAINER="PiVPN is one of the fastest and most user friendly ways to get a running Wireguard VPN server.
This script will set up a Wireguard VPN server to connect devices to your home net from everywhere.
Wireguard is a relatively new VPN protocol, that is much faster and better then e.g. OpenVPN."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if already installed
if ! pivpn &>/dev/null
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Choose to uninstall
if ! yesno_box_no "It seems like PiVPN is already installed.
Do you want to uninstall PiVPN and reset all its settings?
This will also remove all clients that have currently home network access via Wireguard."
then
exit 1
fi
# Get installed applications
INSTALLED=$(grep "INSTALLED_PACKAGES=" /etc/pivpn/wireguard/setupVars.conf)
INSTALLED="${INSTALLED##*INSTALLED_PACKAGES=}"
INSTALLED=$(echo "$INSTALLED" | sed 's|(||;s|)||')
# Warning
msg_box "Warning! Continuing in the next step will reboot your server after completion automatically!"
# Inform about possible problems
msg_box "Attention!
It could happen that the automatic reboot after uninstalling PiVPN fails (it doesn't finish with shutdown).
In this case, you will need to power off your device by hand.
Also it might happen that it will not remove pivpn successfully in this case.
If this is the case, just run the uninstallation again."
if ! yesno_box_yes "Do you want to continue?"
then
exit 1
fi
# Last chance to cancel
if ! yesno_box_yes "The following packets will get uninstalled, too:
$INSTALLED
Do they look correct to you? If not, you can press 'no' and we will not remove anything.
If you press 'yes', we will remove PiVPN, its settings and all those listed programs \
and automatically reboot your server afterwards."
then
exit 1
fi
# Last msg_box
msg_box "After you hit okay, we will remove PiVPN, all its settings and all listed programs \
and reboot your server automatically."
# Remove firewall rule
ufw delete allow 51820/udp &>/dev/null
# Remove PiVPN and reboot
yes | pivpn uninstall
# Remove some leftovers
rm -r /etc/wireguard*
ip link set down wg0
ip link del dev wg0
rm -f "$SCRIPTS/pivpn.sh"
# Just to make sure
reboot
fi
# Check if Pi-hole is already installed
if ! pihole &>/dev/null
then
# Inform the user
msg_box "It seems like Pi-hole is not installed.
It is recommended to install it first if you want to use it, \
because you will have the chance to use it as the DNS-server for Wireguard \
if it is installed before installing Wireguard."
# Ask if the user wants to continue
if ! yesno_box_no "Do you want to continue nonetheless?"
then
exit 1
fi
fi
# Test if the user is okay
if [ -z "$UNIXUSER" ] || ! find /home -maxdepth 1 -mindepth 1 | grep -q "$UNIXUSER"
then
msg_box "It seems like you run this script as pure root \
or your user doesn't have a home directory. This is not supported."
exit 1
fi
# Inform the user
msg_box "Before installing PiVPN please make sure that you have a backup of your NcVM.
The reason is, that to install the the PiVPN we will need to run a 3rd party script on your NcVM.
Something could go wrong. So please keep backups!"
# Automatically get the domain
if [ -f "$NCPATH/occ" ]
then
# Get the NCDOMAIN
NCDOMAIN=$(nextcloud_occ_no_check config:system:get overwrite.cli.url | sed 's|https://||;s|/||')
# Check if Nextcloud is installed
if ! curl -s https://"$NCDOMAIN"/status.php | grep -q 'installed":true' || [ "$NCDOMAIN" = "nextcloud" ]
then
msg_box "It seems like Nextcloud is not installed or that you don't use https on:
$NCDOMAIN.
Please install Nextcloud and make sure your domain is reachable, or activate TLS
on your domain to be able to run this script.
We need this to make sure that the domain works for connections over Wireguard."
exit 1
fi
fi
# Ask if backups are ready
if ! yesno_box_no "Have you made a backup of your NcVM?
This is the last possibility to quit!
If you choose 'yes' we will continue with the installation."
then
exit 1
fi
# Ask for the domain
if ! [ -f "$NCPATH/occ" ]
then
# Enter the NCDOMAIN yourself
NCDOMAIN=$(input_box_flow "Please enter the domain that you want to use for Wireguard.
It should most likely point to your home ip address via DDNS.")
fi
# Inform user to open Port
msg_box "To make Wireguard work, you will need to open port 51820 UDP.
You will have the option to automatically open this port by using UPNP in the next step."
if yesno_box_no "Do you want to use UPNP to open port 51820 UDP?"
then
unset FAIL
open_port 51820 UDP
cleanup_open_port
fi
# Check the port
if ! yesno_box_yes "Unfortunately we are not able to check automatically if port 51820 UDP is open. So please make sure to open it correctly!\nDo you still want to continue?"
then
exit 1
fi
# Inform the user about PIVPN
msg_box "Just so that you don't wonder:
We will use the scripts from the PiVPN project.
They are made for the Raspberry Pi but work on Ubuntu without any problem.
This is why we decided to use this project as foundation for Wireguard.
The next popups are from the PiVPN script.
This is their official website: https://pivpn.io/"
# Inform the user
print_text_in_color "$ICyan" "Installing PiVPN..."
# Download the script
check_command curl -sfL https://install.pivpn.io -o "$SCRIPTS"/pivpn-install.sh
# Check that all patterns match
if ! grep -q "maybeOSSupport$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "askWhichVPN$" "$SCRIPTS"/pivpn-install.sh \
|| ! grep -q "askPublicIPOrDNS$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "askCustomPort$" "$SCRIPTS"/pivpn-install.sh \
|| ! grep -q "askUnattendedUpgrades$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "displayFinalMessage$" "$SCRIPTS"/pivpn-install.sh \
|| ! grep -q "chooseUser$" "$SCRIPTS"/pivpn-install.sh || ! grep -q "welcomeDialogs$" "$SCRIPTS"/pivpn-install.sh
then
msg_box "It seems like some functions in pivpn-install.sh have changed.
Please report this to $ISSUES"
exit 1
fi
# Continue with the process
sed -i 's|maybeOSSupport$|# maybeOSSupport|' "$SCRIPTS"/pivpn-install.sh # We don't need to check the OS since Ubuntu is supported
sed -i 's|askWhichVPN$|# askWhichVPN|' "$SCRIPTS"/pivpn-install.sh # We always want to use Wireguard
sed -i 's|askPublicIPOrDNS$|# askPublicIPOrDNS|' "$SCRIPTS"/pivpn-install.sh # We will set the hostname automatically
sed -i 's|askCustomPort$|# askCustomPort|' "$SCRIPTS"/pivpn-install.sh # We always use port 51820
sed -i 's|askUnattendedUpgrades$|# askUnattendedUpgrades|' "$SCRIPTS"/pivpn-install.sh # We don't want to enable unattended upgrades
sed -i 's|displayFinalMessage$|# displayFinalMessage|' "$SCRIPTS"/pivpn-install.sh # We don't want to show the final message
sed -i 's|chooseUser$|# chooseUser|' "$SCRIPTS"/pivpn-install.sh # We want to use the UNIXUSER
sed -i 's|welcomeDialogs$|# welcomeDialogs|' "$SCRIPTS"/pivpn-install.sh # We don't want to display the welcoem dialog
# Set and export defaults
pivpnPORT=51820 && export pivpnPORT
VPN="wireguard" && export VPN
UNATTUPG=0 && export UNATTUPG
# Run the script
bash "$SCRIPTS"/pivpn-install.sh
# Remove the script since it is no longer needed
check_command rm "$SCRIPTS"/pivpn-install.sh
# Check if PiVPN was successfully installed
if ! pivpn &>/dev/null
then
msg_box "Something got wrong during pivpn-install.sh
Please report this to $ISSUES"
exit 1
fi
PIVPN_CONF="/etc/pivpn/wireguard/setupVars.conf"
if [ -f "$PIVPN_CONF" ] && ! grep -q "pivpnHOST" "$PIVPN_CONF" \
&& ! grep -q "UNATTUPG" "$PIVPN_CONF" && ! grep -q "pivpnPORT" "$PIVPN_CONF" \
&& ! grep -q "install_user" "$PIVPN_CONF" && ! grep -q "install_home" "$PIVPN_CONF"
then
# Write values to setupVars.conf
cat << PIVPN_CONF >> /etc/pivpn/wireguard/setupVars.conf
pivpnHOST=$NCDOMAIN
UNATTUPG=0
pivpnPORT=51820
install_user=$UNIXUSER
install_home=/home/$UNIXUSER
PIVPN_CONF
else
msg_box "Couldn't write configuration to setupVars.conf.
Please report this to $ISSUES"
exit 1
fi
# Add firewall rule
ufw allow 51820/udp comment 'PiVPN' &>/dev/null
# Inform the user about successfully installing PiVPN
msg_box "Congratulations, your PiVPN was set up correctly!
You can now generate new client profiles for your devices by running:
'pivpn -a'
Adding the new profile to a mobile phone (using the Wireguard app) can get afterwards done by running:
'pivpn -qr'
Attention! Every device needs its own profile!
A list of available options is shown by running:
'pivpn -h'"
msg_box "Have you secure boot enabled?
If you had to configure a secure boot key during the PiVPN scripts, \
it is recommended to reboot your server now and follow those instructions:
1. select to reboot
2. On the next startup you will see now the MOK-management-console.
3. select 'Enroll MOK'
4. select 'Yes' when asked 'Enroll the Key(s)?'
5. Enter the password
6. reboot
Afterwards the startup should work automatically again."
if yesno_box_yes "Do you want to reboot now?
This is only needed, if you have secure boot enabled and \
needed to enter a secure boot key during the PiVPN script."
then
reboot
fi
exit
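Review bot: the uninstall branch near the top of this file (`ufw delete allow 51820/udp`, `yes | pivpn uninstall`, `rm -r /etc/wireguard*`) is the only removal path shown for what the install half sets up, so dropping the file leaves existing hosts with 51820/udp allowed in ufw and no supported way to back it out. Please carry those cleanup steps into the release notes. The commit message should also record that this removes a root-run installer downloaded from `https://install.pivpn.io` and patched with `sed`, whose only validation was a grep for function names with no pinned version or checksum, because that makes the deletion security-relevant and not only housekeeping.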

View File

@ -1,164 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="PLEX Media Server"
SCRIPT_EXPLAINER="PLEX Media Server is a server application that let's \
you enjoy all your photos, music, videos, and movies in one place."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if already installed
if is_this_installed plexmediaserver
then
msg_box "It seems like PLEX Media Server is already installed.
If you want to delete PLEX Media Server and it's data to be able \
to start from scratch, run the following two commands:
'sudo apt-get purge plexmediaserver'
'sudo deluser plex'
Attention! This will delete the user-data:
'sudo rm -r /var/lib/plexmediaserver'"
exit 1
fi
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
msg_box "It seems like PLEX Media Server is already installed.
If you want to delete PLEX Media Server and it's data to be able \
to start from scratch, run the following two commands:
'sudo docker stop plex'
'sudo docker rm plex'
Attention! This will delete the user-data:
'sudo rm -r /home/plex'"
exit 1
fi
# Ask for installing
install_popup "$SCRIPT_NAME"
# Test Hardware transcoding
DRI_DEVICE=(--device=/dev/dri:/dev/dri -d)
if lspci -v -s "$(lspci | grep VGA | cut -d" " -f 1)" | grep -q "Kernel driver in use: i915"
then
msg_box "Hardware transcoding is available. It is recommended to activate this in Plex later \
but requires a Plex Pass. You can learn more about Plex Pass here: 'www.plex.tv/plex-pass'"
else
msg_box "Hardware transcoding is NOT available. It is not recommended to continue."
if ! yesno_box_no "Do you want to continue nonetheless?"
then
exit 1
fi
# -d is here since the docker run command would fail if DRI_DEVICE is empty
DRI_DEVICE=(-d)
fi
# Find mounts
DIRECTORIES=$(find /mnt/ -mindepth 1 -maxdepth 2 -type d | grep -v "/mnt/ncdata")
mapfile -t DIRECTORIES <<< "$DIRECTORIES"
for directory in "${DIRECTORIES[@]}"
do
if mountpoint -q "$directory" && [ "$(stat -c '%a' "$directory")" = "770" ]
then
if [ "$(stat -c '%U' "$directory")" = "www-data" ] && [ "$(stat -c '%G' "$directory")" = "www-data" ]
then
MOUNTS+=(-v "$directory:$directory:ro")
elif [ "$(stat -c '%U' "$directory")" = "plex" ] && [ "$(stat -c '%G' "$directory")" = "plex" ]
then
MOUNTS+=(-v "$directory:$directory:ro")
fi
fi
done
if [ -z "${MOUNTS[*]}" ]
then
msg_box "No usable drive found. You have to mount a new drive in /mnt."
exit 1
fi
# Install Docker
install_docker
# Create plex user
if ! id plex &>/dev/null
then
check_command adduser --no-create-home --quiet --disabled-login --uid 1005 --gid 1006 --force-badname --gecos "" "plex"
fi
PLEX_UID="$(id -u plex)"
PLEX_GID="$(id -g www-data)"
# Create home directory
mkdir -p /home/plex/config
mkdir -p /home/plex/transcode
chown -R plex:plex /home/plex
chmod -R 770 /home/plex
# Get docker container
print_text_in_color "$ICyan" "Getting Plex Media Server..."
docker pull plexinc/pms-docker
# Create Plex
# Plex needs ports: 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp
print_text_in_color "$ICyan" "Installing Plex Media Server..."
docker run \
--name plex \
--restart always \
--network=host \
-e PLEX_UID="$PLEX_UID" \
-e PLEX_GID="$PLEX_GID" \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-v /home/plex/config:/config \
-v /home/plex/transcode:/transcode \
"${MOUNTS[@]}" \
"${DRI_DEVICE[@]}" \
plexinc/pms-docker
# Add prune command
add_dockerprune
# Crontab entry no longer needed
crontab -u root -l | grep -v "docker restart plex" | crontab -u root -
# Add firewall rules
for port in 32400/tcp 3005/tcp 8324/tcp 32469/tcp 1900/udp 32410/udp 32412/udp 32413/udp 32414/udp
do
ufw allow "$port" comment "Plex $port" &>/dev/null
done
# Inform the user
msg_box "PLEX Media Server was successfully installed.
This script is not at the end yet so please continue."
# Ask if external acces shall get activated
if yesno_box_yes "Do you want to enable access for PLEX from outside of your LAN?"
then
msg_box "You will have to open port 32400 TCP to make this work.
You will have the option to automatically open this port by using UPNP in the next step."
if yesno_box_no "Do you want to use UPNP to open port 32400 TCP?"
then
unset FAIL
open_port 32400 TCP
cleanup_open_port
fi
msg_box "After you hit okay, we will check if port 32400 TCP is open."
check_open_port 32400 "$WANIP4"
fi
msg_box "You should visit 'http://$ADDRESS:32400/web' to set up your PLEX Media Server next.
Advice: All your drives should be mounted in a subfolder of '/mnt'"
exit
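Review bot: hosts that ran this script keep a container started with `--restart always` and `--network=host` from the untagged `plexinc/pms-docker` image, plus the nine ufw rules added in the `for port in 32400/tcp ...` loop, and after this deletion nothing in the tree describes or removes them. Please list the cleanup in the release notes: the script's own message already gives `sudo docker stop plex` and `sudo docker rm plex`, and the ufw rules carry the comment "Plex $port", so they are easy to identify. If external access was enabled through `open_port 32400 TCP`, the UPnP mapping on the router needs a mention as well.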

View File

@ -1,379 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Remotedesktop"
SCRIPT_EXPLAINER="This script simplifies the installation of XRDP which allows you to connect via RDP from other devices \
and offers some additional applications that you can choose to install."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if xrdp is installed
if ! is_this_installed xrdp
then
# Ask for installing
install_popup "$SCRIPT_NAME"
XRDP_INSTALL=1
# Don't run this script as root user, because we will need the account
if [ -z "$UNIXUSER" ]
then
msg_box "Please don't run this script as pure root user!"
exit 1
fi
# Check if gnome-session is installed
if ! is_this_installed gnome-session
then
msg_box "To make xrdp work, you will need to install a desktop environment.
We've chosen the Gnome desktop in a minimal install.
If you have already installed a desktop environment, you will not need to install it."
if yesno_box_yes "Do you want to install the Gnome desktop?"
then
# Install gnome-session
print_text_in_color "$ICyan" "Installing gnome-session..."
apt-get update -q4 & spinner_loading
apt-get install gnome-session --no-install-recommends -y
sudo -u "$UNIXUSER" dbus-launch gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,maximize,close"
sudo -u "$UNIXUSER" dbus-launch gsettings set org.gnome.desktop.interface enable-animations false
fi
fi
# Install xrdp
print_text_in_color "$ICyan" "Installing xrdp..."
install_if_not xrdp
adduser xrdp ssl-cert
# Make sure that you don't get prompted with a password request after login
cat << DESKTOP_CONF > /etc/polkit-1/localauthority/50-local.d/allow-update-repo.pkla
[Allow Package Management all Users]
Identity=unix-user:*
Action=org.freedesktop.packagekit.system-sources-refresh
ResultAny=yes
ResultInactive=yes
ResultActive=yes
DESKTOP_CONF
cat << DESKTOP_CONF > /etc/polkit-1/localauthority/50-local.d/color.pkla
[Allow colord for all users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=yes
ResultInactive=yes
ResultActive=yes
DESKTOP_CONF
print_text_in_color "$ICyan" "Waiting for xrdp to restart..."
sleep 5
check_command systemctl restart xrdp
# Allow to power off by pressing the power button
install_if_not acpid
mkdir -p /etc/acpi/events
cat << POWER > /etc/acpi/events/power
event=button/power
action=/sbin/poweroff
POWER
print_text_in_color "$ICyan" "Waiting for acpid to restart..."
sleep 5
check_command systemctl restart acpid
# Create plex user
if ! id plex &>/dev/null
then
check_command adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "plex"
fi
# Add the user to the www-data and plex group to be able to write to all disks
usermod --append --groups www-data,plex "$UNIXUSER"
# Add firewall rule
ufw allow 3389/tcp comment Remotedesktop &>/dev/null
# Inform the user
msg_box "XRDP was successfully installed.
You should be able to connect via an RDP client with your server \
using the credentials of $UNIXUSER and the server ip-address $ADDRESS"
fi
# Needed to be able to access Nextcloud via localhost directly
nextcloud_occ_no_check config:system:delete trusted_proxies "11"
# Eye of Gnome
if is_this_installed eog
then
EOG_SWITCH=OFF
else
EOG_SWITCH=ON
fi
# Firefox
if is_this_installed firefox
then
FIREFOX_SWITCH=OFF
else
FIREFOX_SWITCH=ON
fi
# Gedit
if is_this_installed gedit
then
GEDIT_SWITCH=OFF
else
GEDIT_SWITCH=ON
fi
# grsync
if is_this_installed grsync
then
GRSYNC_SWITCH=OFF
else
GRSYNC_SWITCH=ON
fi
# MakeMKV
if is_this_installed makemkv-oss || is_this_installed makemkv-bin
then
MAKEMKV_SWITCH=OFF
else
MAKEMKV_SWITCH=ON
fi
# OnlyOffice
if is_this_installed onlyoffice-desktopeditors
then
ONLYOFFICE_SWITCH=OFF
else
ONLYOFFICE_SWITCH=ON
fi
# Picard
if is_this_installed picard
then
PICARD_SWITCH=OFF
else
PICARD_SWITCH=ON
fi
# File manager nautilus
if is_this_installed nautilus
then
NAUTILUS_SWITCH=OFF
else
NAUTILUS_SWITCH=ON
fi
# Sound Juicer
if is_this_installed sound-juicer
then
SJ_SWITCH=OFF
else
SJ_SWITCH=ON
fi
# VLC
if is_this_installed vlc
then
VLC_SWITCH=OFF
else
VLC_SWITCH=ON
fi
# Create a menu with desktop apps
choice=$(whiptail --title "$TITLE" --checklist \
"This menu lets you install pre-chosen desktop apps.
It is smart and has selected only options that are not yet installed.
Choose which ones you want to install.
If you select apps that are already installed you will have the choice to uninstall them.
$CHECKLIST_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"Eye of Gnome" "(Image Viewer)" "$EOG_SWITCH" \
"Firefox" "(Internet Browser)" "$FIREFOX_SWITCH" \
"Gedit" "(Text Editor)" "$GEDIT_SWITCH" \
"Grsync" "(File sync)" "$GRSYNC_SWITCH" \
"MakeMKV" "(Rip DVDs and Blu-rays)" "$MAKEMKV_SWITCH" \
"Nautilus" "(File Manager)" "$NAUTILUS_SWITCH" \
"OnlyOffice" "(Open Source Office Suite)" "$ONLYOFFICE_SWITCH" \
"Picard" "(Music tagger)" "$PICARD_SWITCH" \
"Sound Juicer" "(Rip CDs)" "$SJ_SWITCH" \
"VLC" "(Play Videos and Audio)" "$VLC_SWITCH" \
"XRDP" "(Uninstall XRDP and all listed desktop apps)" OFF 3>&1 1>&2 2>&3)
# Function for installing or removing packets
install_remove_packet() {
if is_this_installed "$1"
then
print_text_in_color "$ICyan" "Uninstalling $2"
apt-get purge "$1" -y
if [ "$1" = "grsync" ]
then
apt-get purge gnome-themes-extra -y
fi
apt-get autoremove -y
if [ "$1" = "nautilus" ]
then
rm -f /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop
rm -f /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks
fi
print_text_in_color "$ICyan" "$2 was successfully uninstalled."
else
print_text_in_color "$ICyan" "Installing $2"
install_if_not "$1"
# Settings for nautilus
if [ "$1" = "nautilus" ]
then
mkdir -p /home/"$UNIXUSER"/.local/share/applications/
cp /usr/share/applications/org.gnome.Nautilus.desktop /home/"$UNIXUSER"/.local/share/applications/
sed -i 's|^Exec=nautilus.*|Exec=nautilus --new-window /mnt|' /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop
sed -i 's|DBusActivatable=true|# DBusActivatable=true|' /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop
chmod +x /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop
mkdir -p /home/"$UNIXUSER"/.config/gtk-3.0
echo "file:///mnt" > /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks
chmod 664 /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks
chown -R "$UNIXUSER":"$UNIXUSER" /home/"$UNIXUSER"
elif [ "$1" = "vlc" ]
then
sudo sed -i 's|geteuid|getppid|' /usr/bin/vlc
elif [ "$1" = "grsync" ]
then
install_if_not gnome-themes-extra
fi
print_text_in_color "$ICyan" "$2 was successfully installed"
fi
}
case "$choice" in
*"XRDP"*)
SUBTITLE="XRDP"
msg_box "This option will uninstall XRDP and all other desktop applications from this list \
as well as the gnome desktop." "$SUBTITLE"
if yesno_box_no "Do you want to do this?" "$SUBTITLE"
then
APPS=(evince eog firefox gedit grsync gnome-themes-extra makemkv-oss makemkv-bin nautilus onlyoffice-desktopeditors \
picard sound-juicer vlc acpid gnome-shell-extension-dash-to-panel gnome-shell-extension-arc-menu gnome-session xrdp)
for app in "${APPS[@]}"
do
if is_this_installed "$app"
then
apt-get purge "$app" -y
fi
done
apt-get autoremove -y
systemctl set-default multi-user
add-apt-repository --remove ppa:heyarje/makemkv-beta -y
apt-get update -q4 & spinner_loading
rm -f /etc/polkit-1/localauthority/50-local.d/46-allow-update-repo.pkla
rm -f /etc/polkit-1/localauthority/50-local.d/allow-update-repo.pkla
rm -f /etc/polkit-1/localauthority/50-local.d/color.pkla
rm -f /home/"$UNIXUSER"/.local/share/applications/org.gnome.Nautilus.desktop
rm -f /home/"$UNIXUSER"/.config/gtk-3.0/bookmarks
ufw delete allow 3389/tcp &>/dev/null
msg_box "XRDP and all desktop applications were successfully uninstalled." "$SUBTITLE"
exit
fi
;;&
*"Eye of Gnome"*)
install_remove_packet eog "Eye of Gnome"
;;&
*"Firefox"*)
install_remove_packet firefox Firefox
;;&
*"Gedit"*)
install_remove_packet gedit Gedit
;;&
*"Grsync"*)
install_remove_packet grsync Grsync
;;&
*"MakeMKV"*)
SUBTITLE="MakeMKV"
if is_this_installed makemkv-oss || is_this_installed makemkv-bin
then
print_text_in_color "$ICyan" "Uninstalling $SUBTITLE"
apt-get purge makemkv-oss -y
apt-get purge makemkv-bin -y
apt-get autoremove -y
add-apt-repository --remove ppa:heyarje/makemkv-beta -y
apt-get update -q4 & spinner_loading
print_text_in_color "$ICyan" "$SUBTITLE was successfully uninstalled."
else
msg_box "MakeMKV is not open source. This is their official website: makemkv.com
We will need to add a 3rd party repository to install it which can set your server under risk." "$SUBTITLE"
if yesno_box_yes "Do you want to install MakeMKV nonetheless?" "$SUBTITLE"
then
print_text_in_color "$ICyan" "Installing $SUBTITLE"
if add-apt-repository ppa:heyarje/makemkv-beta -y
then
apt-get update -q4 & spinner_loading
apt-get install makemkv-oss makemkv-bin -y
print_text_in_color "$ICyan" "$SUBTITLE was successfully installed"
else
msg_box "Something failed while trying to add the new repository" "$SUBTITLE"
fi
fi
fi
unset SUBTITLE
;;&
*"Nautilus"*)
install_remove_packet nautilus Nautilus
;;&
*"OnlyOffice"*)
SUBTITLE="OnlyOffice"
if is_this_installed onlyoffice-desktopeditors
then
print_text_in_color "$ICyan" "Uninstalling $SUBTITLE"
apt-get purge onlyoffice-desktopeditors -y
apt-get autoremove -y
rm -f /etc/apt/sources.list.d/onlyoffice-desktopeditors.list
apt-get update -q4 & spinner_loading
print_text_in_color "$ICyan" "$SUBTITLE was successfully uninstalled."
else
msg_box "OnlyOffice Desktop Editors are open source but not existing in the Ubuntu repositories.
Hence, we will add a 3rd-party repository to your server \
to be able to install and update OnlyOffice Desktop Editors using the apt packet manager.
This can set your server under risk, though!" "$SUBTITLE"
if yesno_box_yes "Do you want to install OnlyOffice Desktop Editors nonetheless?" "$SUBTITLE"
then
print_text_in_color "$ICyan" "Installing $SUBTITLE"
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
echo "deb https://download.onlyoffice.com/repo/debian squeeze main" \
> /etc/apt/sources.list.d/onlyoffice-desktopeditors.list
apt-get update -q4 & spinner_loading
install_if_not onlyoffice-desktopeditors
print_text_in_color "$ICyan" "$SUBTITLE was successfully installed"
fi
fi
unset SUBTITLE
;;&
*"Picard"*)
install_remove_packet picard Picard
;;&
*"Sound Juicer"*)
install_remove_packet sound-juicer "Sound Juicer"
;;&
*"VLC"*)
install_remove_packet vlc VLC
;;&
*)
;;
esac
# Allow to reboot if xrdp was just installed because otherwise the usermod won't apply
if [ -n "$XRDP_INSTALL" ]
then
if yesno_box_yes "Do you want to reboot your server now?
After the initial installation of XRDP it is recommended to reboot the server to apply all settings."
then
reboot
fi
fi
exit
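Review bot: the "XRDP" case branch is the only place that removes the polkit overrides and the 3389/tcp rule this script installs, so deleting the file leaves them behind with no documented cleanup. The two `.pkla` files grant `Identity=unix-user:*` with `ResultAny=yes` for the packagekit refresh and colord actions, `ufw allow 3389/tcp` stays open, and `usermod --append --groups www-data,plex "$UNIXUSER"` stays in effect. Please put the `rm -f /etc/polkit-1/localauthority/50-local.d/*.pkla` lines, the `ufw delete allow 3389/tcp` step and the group membership into the release notes. Hosts that chose OnlyOffice or MakeMKV also keep a third-party apt source (`/etc/apt/sources.list.d/onlyoffice-desktopeditors.list`, `ppa:heyarje/makemkv-beta`) and a key fetched by short ID `CB2DE8E5` over `hkp://keyserver.ubuntu.com:80`, which deserve the same note.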

View File

@ -1,724 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
# shellcheck disable=SC2024
true
SCRIPT_NAME="Restore Backup"
SCRIPT_EXPLAINER="This script allows to restore Nextcloud and other important data that are \
stored on the system partition on different installations than the borg-backup was initially made."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check prerequisites
# install whiptail if not already installed
install_if_not whiptail
print_text_in_color "$ICyan" "Checking prerequisites..."
# Check if Restoring is possible
# Check if daily-borg-backup exists
if ! nextcloud_occ_no_check -V || [ -f "$SCRIPTS/daily-borg-backup.sh" ]
then
SNAPSHOT_USED=$(lvs -o name,data_percent | grep "NcVM-reserved" | awk '{print $2}' | sed 's|\..*||' | sed 's|,.*||')
if [ -n "$SNAPSHOT_USED" ] && [ "$SNAPSHOT_USED" -lt 100 ]
then
if yesno_box_no "A usable snapshot was found! \
Do you want to reset your system to the state before a backup restore was attempted?"
then
lvconvert --merge /dev/ubuntu-vg/NcVM-reserved -y
sleep 1
msg_box "We will now reboot your system to finalize the merging of the snapshot."
reboot
fi
fi
msg_box "It seems like the daily-borg-backup.sh exists.\nThis is not supported. Please start all over again with a new NcVM."
exit 1
fi
if [ ! -f "$NCPATH/occ" ]
then
msg_box "It seems like the default Nextcloud is not installed in $NCPATH.\nThis is not supported."
exit 1
fi
# Check webserveruser
if [ "$(stat -c '%G' "$NCPATH"/occ)" != "www-data" ]
then
msg_box "It seems like the webserveruser is not www-data.\nThis is not supported."
exit 1
fi
# Check OS_ID
if [ "$(lsb_release -is)" != "Ubuntu" ]
then
msg_box "This script is only meant to run on Ubuntu.\nThis is not supported"
exit 1
fi
# Check if datadirectory is mnt-ncdata
if [ "$(nextcloud_occ config:system:get datadirectory)" != "$NCDATA" ]
then
msg_box "It seems like the default NCDATA-path is not /mnt/ncdata.\nThis is not supported."
exit 1
fi
# Check if dbtype is pgsql
if [ "$(nextcloud_occ config:system:get dbtype)" != "pgsql" ]
then
msg_box "It seems like the default dbtype is not postgresql.\nThis is not supported."
exit 1
fi
# Check if dbname is nextcloud_db
if [ "$(nextcloud_occ config:system:get dbname)" != "nextcloud_db" ]
then
msg_box "It seems like the default dbname is not nextcloud_db.\nThis is not supported."
exit 1
fi
# Check if dbuser is ncadmin
if [ "$(nextcloud_occ config:system:get dbuser)" != "$PGDB_USER" ]
then
msg_box "It seems like the default dbuser is not $PGDB_USER.\nThis is not supported."
exit 1
fi
# Check if apache2 is installed
if ! is_this_installed apache2
then
msg_box "It seems like your webserver is not apache2.\nThis is not supported."
exit 1
fi
# Check if pending snapshot is existing and cancel the setup in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "It seems to be currently running a backup or update.
Cannot restore the backup now. Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
elif does_snapshot_exist "NcVM-startup"
then
msg_box "Please run the update script once before you can continue."
exit 1
fi
# Check if snapshot exists
if ! does_snapshot_exist "NcVM-snapshot"
then
msg_box "Unfortunately NcVM-snapshot doesn't exist, hence you are not able to restore the system."
exit 1
elif ! does_snapshot_exist "NcVM-reserved"
then
lvchange --refresh ubuntu-vg
check_free_space
if [ "$FREE_SPACE" -lt 30 ]
then
msg_box "Unfortunately NcVM-reserved doesn't exist, hence you are not able to restore the system.
If you just restored and merged the snapshot, you might need to reboot the system another time with 'sudo reboot'."
exit 1
else
if ! lvcreate --size 30G --name "NcVM-reserved" ubuntu-vg
then
msg_box "Could not create NcVM-reserved snapshot! Please reboot your server and try again!"
exit 1
fi
fi
fi
# Check if /mnt/ncdata is mounted
if grep -q " /mnt/ncdata " /etc/mtab
then
msg_box "The '/mnt/ncdata' directory is mounted and not existing on the root drive.
This is currently not supported by this script."
exit 1
fi
# The same with the /home directory
if grep -q " /home " /etc/mtab
then
msg_box "The '/home' directory is mounted and not existing on the root drive.
This is currently not supported."
exit 1
fi
# Ask for execution
msg_box "$SCRIPT_EXPLAINER"
if ! yesno_box_yes "Do you want to restore your server from backup?"
then
exit 1
fi
# Mount drive
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
exit 1
fi
# Wait until the drive has spin up
countdown "Waiting for the drive to spin up..." 15
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive$")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the partition that you would like to mount.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important to show the partition menu
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3}')
PARTITION_STATS=$(lsblk -o KNAME,FSTYPE,SIZE,UUID,LABEL | grep "^$drive" | grep -v "^$drive ")
unset PARTITIONS
mapfile -t PARTITIONS <<< "$(echo "$PARTITION_STATS" | awk '{print $1}')"
for partition in "${PARTITIONS[@]}"
do
STATS=$(echo "$PARTITION_STATS" | grep "^$partition ")
FSTYPE=$(echo "$STATS" | awk '{print $2}')
if [ "$FSTYPE" != "ntfs" ] && [ "$FSTYPE" != "btrfs" ]
then
continue
fi
SIZE=$(echo "$STATS" | awk '{print $3}')
UUID=$(echo "$STATS" | awk '{print $4}')
if [ -z "$UUID" ]
then
continue
fi
LABEL=$(echo "$STATS" | awk '{print $5,$6,$7,$8,$9,$10,$11,$12}' | sed 's| |_|g' | sed -r 's|[_]+$||')
if ! grep -q "$UUID" /etc/fstab
then
args+=("$UUID" "$LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE")
UUIDS+="$UUID"
else
msg_box "The partition
$UUID $LABEL $DRIVE_DESCRIPTION $SIZE $FSTYPE
is already existing.\n
If you want to remove it, run the following two commands:
sudo sed -i '/$UUID/d' /etc/fstab
sudo reboot"
fi
done
done
# Check if at least one drive was found
if [ -z "$UUIDS" ]
then
msg_box "No drive found that can get mounted.
Most likely none is NTFS or BTRFS formatted."
exit 1
fi
# Show the partition menu
UUID=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$UUID" ]
then
exit 1
fi
# Mount the drive
DRIVE_MOUNT="/tmp/backupdrive"
mkdir -p "$DRIVE_MOUNT"
if mountpoint -q "$DRIVE_MOUNT"
then
umount "$DRIVE_MOUNT"
fi
if ! mount UUID="$UUID" "$DRIVE_MOUNT"
then
msg_box "Could not mount the selected drive. Something is wrong."
exit 1
fi
# Find borg repository
print_text_in_color "$ICyan" "Searching for the borg repository. Please be patient!\n(This will take max 60s)"
BORG_REPOS=$(timeout 60 find "$DRIVE_MOUNT/" -type f -name config)
if [ -z "$BORG_REPOS" ]
then
msg_box "No borg repository found. Are you sure that drive contains one?\nCannot proceed!"
umount "$DRIVE_MOUNT"
exit 1
fi
print_text_in_color "$IGreen" "Found:\n$BORG_REPOS"
print_text_in_color "$ICyan" "Checking if the found borg repositories are valid..."
sleep 2
mapfile -t BORG_REPOS <<< "$BORG_REPOS"
for repository in "${BORG_REPOS[@]}"
do
if grep -q "\[repository\]" "$repository"
then
if ! echo "$repository" | grep -q "/.snapshots/"
then
VALID_REPOS+=("${repository%/config}")
fi
fi
done
if [ -z "${VALID_REPOS[*]}" ]
then
msg_box "No valid borg repository found.\nCannot proceed!"
umount "$DRIVE_MOUNT"
exit 1
fi
# Repo menu
args=(whiptail --title "$TITLE" --menu \
"Please select the borg repository that you would like to use.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
for repository in "${VALID_REPOS[@]}"
do
args+=("$repository" "")
done
# Show the repo menu
BORG_REPO=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$BORG_REPO" ]
then
umount "$DRIVE_MOUNT"
exit 1
fi
# Install borg
print_text_in_color "$ICyan" "Installing borgbackup..."
install_if_not borgbackup
# Enter password
while :
do
PASSPHRASE=$(input_box_flow "Please enter the passphrase that was used to encrypt your borg backup.
If you want to cancel, type in 'exit' and press '[ENTER]'.")
if [ "$PASSPHRASE" = "exit" ]
then
umount "$DRIVE_MOUNT"
exit 1
fi
export BORG_PASSPHRASE="$PASSPHRASE"
if ! borg list "$BORG_REPO" >/dev/null
then
msg_box "It seems like the passphrase was wrong. Please try again!"
else
break
fi
done
# Break the borg lock if it exists because we have the snapshot that prevents such situations
if [ -f "$BORG_REPO/lock.roster" ]
then
print_text_in_color "$ICyan" "Breaking the borg lock..."
borg break-lock "$BORG_REPO"
fi
# Find available archives
ALL_ARCHIVES=$(borg list "$BORG_REPO")
SYSTEM_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-system-partition" | awk -F "-" '{print $1}' | sort -r)
# Test if at least one valid archive was found
if [ -z "$SYSTEM_ARCHIVES" ]
then
msg_box "Not even one valid archive found. Cannot continue."
restore_original_state
exit 1
fi
mapfile -t SYSTEM_ARCHIVES <<< "$SYSTEM_ARCHIVES"
# Create menu to select from available archives
unset args
args=(whiptail --title "$TITLE" --menu \
"Please select the backup archive that you want to restore.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
for archive in "${SYSTEM_ARCHIVES[@]}"
do
HUMAN_DATE=$(echo "$ALL_ARCHIVES" | grep "$archive" | head -1 | awk '{print $3}')
HUMAN_TIME=$(echo "$ALL_ARCHIVES" | grep "$archive" | head -1 | awk '{print $4}')
args+=("$archive" "The backup was made on $HUMAN_DATE $HUMAN_TIME")
done
# Show the menu
choice=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$choice" ]
then
msg_box "No archive selected. Exiting."
umount "$DRIVE_MOUNT"
exit 1
fi
# Get archive
BORG_ARCHIVE="$choice-NcVM-system-partition"
print_text_in_color "$ICyan" "Using the borg archive $BORG_ARCHIVE..."
# Test borg archive
msg_box "We've implemented the option to test the extraction of the backup before we start the restore process.
This can take a lot of time though and is because of that not the default."
if yesno_box_no "Do you want to test the extraction of the backup nonetheless?"
then
mkdir -p /tmp/borgextract
cd /tmp/borgextract
if ! borg extract --dry-run --list "$BORG_REPO::$BORG_ARCHIVE"
then
msg_box "Some errors were reported while checking the archive extracting.\nCannot proceed."
umount "$DRIVE_MOUNT"
exit 1
fi
fi
# Ask if proceed
if ! yesno_box_no "Do you want to restore your backup?
This is the last step where you can cancel!"
then
umount "$DRIVE_MOUNT"
exit 1
fi
# Create snapshot to be able to restore the system to previous state
if ! lvremove /dev/ubuntu-vg/NcVM-reserved -y
then
msg_box "Could not remove NcVM-reserved snapshot. Please reboot your system!"
umount "$DRIVE_MOUNT"
exit 1
fi
if ! lvcreate --size 30G --snapshot --name "NcVM-reserved" /dev/ubuntu-vg/ubuntu-lv
then
msg_box "Could not create NcVM-reserved snapshot. Please reboot your system!"
umount "$DRIVE_MOUNT"
exit 1
fi
# Mount borg backup
BORG_MOUNT=/tmp/borg
SYSTEM_DIR="$BORG_MOUNT/system"
mkdir -p "$BORG_MOUNT"
if ! borg mount "$BORG_REPO::$BORG_ARCHIVE" "$BORG_MOUNT"
then
msg_box "Could not mount the borg archive.\nCannot proceed."
umount "$DRIVE_MOUNT"
exit 1
fi
if ! [ -f "$SYSTEM_DIR/$SCRIPTS/nextclouddb.sql" ] && ! [ -f "$SYSTEM_DIR/$SCRIPTS/nextclouddb.dump" ]
then
msg_box "Could not find database dump. this is not supported."
umount "$BORG_MOUNT"
umount "$DRIVE_MOUNT"
exit 1
fi
# Maintenance mode
nextcloud_occ_no_check maintenance:mode --on
# Stop apache
systemctl stop apache2
# Delete ncdata and ncpath before restoring
rm -rf "$NCPATH"
rm -rf "$NCDATA"
# Important folders
# manually include
IMPORTANT_FOLDERS=(home/plex home/bitwarden_rs home/bitwarden home/vaultwarden "$SCRIPTS" mnt media "$NCPATH" root/.smbcredentials)
for directory in "${IMPORTANT_FOLDERS[@]}"
do
directory="${directory#/*}"
if echo "$directory" | grep -q '/'
then
PARENT3="${directory%/*}"
PARENT2="${PARENT3%/*}"
PARENT1="${PARENT2%/*}"
for parent in "$PARENT1" "$PARENT2" "$PARENT3"
do
if [ -n "$parent" ]
then
INCLUDE_DIRS+=(--include="$parent")
fi
done
fi
INCLUDE_DIRS+=(--include="$directory/***")
done
# Important files
IMPORTANT_FILES=(var/lib/samba/private/passdb.tdb var/lib/samba/private/secrets.tdb etc/samba/smb.conf)
for file in "${IMPORTANT_FILES[@]}"
do
if echo "$file" | grep -q '/'
then
PARENT4="${file%/*}"
PARENT3="${PARENT4%/*}"
PARENT2="${PARENT3%/*}"
PARENT1="${PARENT2%/*}"
for parent in "$PARENT1" "$PARENT2" "$PARENT3" "$PARENT4"
do
if [ -n "$parent" ]
then
INCLUDE_DIRS+=(--include="$parent")
fi
done
fi
INCLUDE_FILES+=(--include="$file")
done
# Exclude some dirs
EXCLUDE_DIRECTORIES=("home/plex/config/Library/Application Support/Plex Media Server/Cache" "$NCDATA"/appdata_*/preview "$NCDATA"/*/files_trashbin "$NCDATA"/*/files_versions mnt/NCBACKUP mnt/NCBACKUP-OLD "$NCDATA"/*/uploads)
for directory in "${EXCLUDE_DIRECTORIES[@]}"
do
directory="${directory#/*}"
EXCLUDE_DIRS+=(--exclude "$directory/*")
done
# Restore files
# Rsync include/exclude patterns: https://stackoverflow.com/a/48010623
if ! rsync --archive --delete --human-readable --one-file-system -vv \
"${EXCLUDE_DIRS[@]}" "${INCLUDE_DIRS[@]}" "${INCLUDE_FILES[@]}" --exclude='*' "$SYSTEM_DIR/" /
then
msg_box "An issue was reported while restoring all needed files."
umount "$BORG_MOUNT"
umount "$DRIVE_MOUNT"
exit 1
fi
# Database
print_text_in_color "$ICyan" "Restoring the database..."
DB_PASSWORD=$(grep "dbpassword" "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g")
OLD_DB_USER=$(grep "dbuser" "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g")
set -e
sudo -Hiu postgres psql -c "ALTER USER $PGDB_USER WITH PASSWORD '$DB_PASSWORD'"
sudo -Hiu postgres psql -c "DROP DATABASE nextcloud_db;"
sudo -Hiu postgres psql -c "CREATE DATABASE nextcloud_db WITH OWNER $PGDB_USER TEMPLATE template0 ENCODING \"UTF8\";"
if [ "$OLD_DB_USER" != "$PGDB_USER" ]
then
sudo -Hiu postgres psql -c "CREATE USER $OLD_DB_USER WITH PASSWORD '$PGDB_PASS'";
fi
set +e
if [ -f "$SCRIPTS/nextclouddb.dump" ]
then
if ! sudo -Hiu postgres psql nextcloud_db < "$SCRIPTS/nextclouddb.dump"
then
msg_box "An issue was reported while restoring the database."
umount "$BORG_MOUNT"
umount "$DRIVE_MOUNT"
exit 1
fi
else
msg_box "Did not find database dump. Cannot continue."
umount "$BORG_MOUNT"
umount "$DRIVE_MOUNT"
exit 1
fi
set -e
if [ "$OLD_DB_USER" != "$PGDB_USER" ]
then
sudo -Hiu postgres psql -c "ALTER DATABASE nextcloud_db OWNER TO \"$PGDB_USER\"";
sudo -Hiu postgres psql nextcloud_db -c "REASSIGN OWNED BY \"$OLD_DB_USER\" TO \"$PGDB_USER\"";
sudo -Hiu postgres psql -c "DROP USER \"$OLD_DB_USER\"";
fi
set +e
# Change dbuser to new one
sed -i "s|'dbuser' =>.*,|'dbuser' => '$PGDB_USER',|" "$NCPATH/config/config.php"
# NTFS
if grep -q " ntfs-3g " "$SYSTEM_DIR/etc/fstab"
then
grep " ntfs-3g " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab
fi
# BTRFS
if grep -q " btrfs " "$SYSTEM_DIR/etc/fstab"
then
grep " btrfs " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab
fi
# Dislocker
if grep -q " fuse.dislocker " "$SYSTEM_DIR/etc/fstab"
then
print_text_in_color "$ICyan" "Installing dislocker..."
install_if_not dislocker
grep " fuse.dislocker " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab
fi
# Cifs-utils
if grep -q " cifs " "$SYSTEM_DIR/etc/fstab"
then
# Install all tools
print_text_in_color "$ICyan" "Installing cifs-utils..."
install_if_not keyutils
install_if_not cifs-utils
install_if_not winbind
if [ "$(grep "^hosts:" /etc/nsswitch.conf | grep wins)" == "" ]
then
sed -i '/^hosts/ s/$/ wins/' /etc/nsswitch.conf
fi
grep " cifs " "$SYSTEM_DIR/etc/fstab" >> /etc/fstab
fi
# Veracrypt
if [ -f "$SYSTEM_DIR/$SCRIPTS/veracrypt-automount.sh" ]
then
print_text_in_color "$ICyan" "Installing veracrypt... This can take a long time!"
add-apt-repository ppa:unit193/encryption -y
apt-get update -q4 & spinner_loading
apt-get install veracrypt --no-install-recommends -y
# No need to copy the file since it is already synced via rsync
# Create startup service
cat << SERVICE > /etc/systemd/system/veracrypt-automount.service
[Unit]
Description=Mount Veracrypt Devices
After=boot.mount
Before=network.target
[Service]
Type=forking
ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh
TimeoutStopSec=1
[Install]
WantedBy=multi-user.target
SERVICE
systemctl enable veracrypt-automount
fi
# SMB-server
if grep -q "^smb-users:" "$SYSTEM_DIR/etc/group"
then
SMB_USERS=$(grep "^smb-users:" "$SYSTEM_DIR/etc/group" | cut -d ":" -f 4 | sed 's|,| |g')
read -r -a SMB_USERS <<< "$SMB_USERS"
groupadd "smb-users"
for user in "${SMB_USERS[@]}"
do
adduser --no-create-home --quiet --disabled-login --force-badname --gecos "" "$user" &>/dev/null
usermod --append --groups smb-users,www-data "$user"
done
DEBIAN_FRONTEND=noninteractive apt-get install samba -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
# No need to sync files since they are already synced via rsync
fi
# Previewgenerator
if grep -q 'Movie' "$SYSTEM_DIR/$NCPATH/config/config.php"
then
install_if_not ffmpeg
fi
if grep -q 'Photoshop\|SVG\|TIFF' "$SYSTEM_DIR/$NCPATH/config/config.php"
then
install_if_not php-imagick
install_if_not libmagickcore-6.q16-3-extra
fi
# Restore old redis password
REDIS_PASS=$(grep \'password\' "$SYSTEM_DIR/$NCPATH/config/config.php" | awk '{print $3}' | sed "s/[',]//g")
sed -i "s|^requirepass.*|requirepass $REDIS_PASS|g" /etc/redis/redis.conf
# Restart redis
systemctl restart redis
# Flush redis
redis-cli -s /var/run/redis/redis-server.sock -c FLUSHALL
# Start web server
systemctl start apache2
# Import old crontabs
grep -v '^#' "$SYSTEM_DIR/var/spool/cron/crontabs/root" | crontab -u root -
grep -v '^#' "$SYSTEM_DIR/var/spool/cron/crontabs/www-data" | crontab -u www-data -
# Umount the backup drive
umount "$BORG_MOUNT"
umount "$DRIVE_MOUNT"
# Connect all drives
while :
do
msg_box "Restore completed!
Nextcloud and the the most important files and configurations were restored!\n
Please connect all external drives that were connected to the old server now!"
if yesno_box_no "Did you connect all drives?"
then
break
fi
done
# Mount all drives
print_text_in_color "$ICyan" "Mounting all drives..."
mount -a -v
if [ -f "$SCRIPTS/veracrypt-automount.sh" ]
then
bash "$SCRIPTS/veracrypt-automount.sh"
fi
# Show info
msg_box "We will now adjust a few last things."
# Disable maintenance mode
nextcloud_occ_no_check maintenance:mode --off
# Update the system data-fingerprint
nextcloud_occ_no_check maintenance:data-fingerprint
# repairing the Database, if it got corupted
nextcloud_occ_no_check maintenance:repair
# Appending the new ip to trusted domains
add_to_trusted_domains "$ADDRESS"
# Cleanup trashbin and files_versions because we removed them
nextcloud_occ_no_check trashbin:cleanup --all-users -vvv
nextcloud_occ_no_check versions:cleanup -vvv
# Rescan appdata because we removed all previews
nextcloud_occ_no_check files:scan-app-data -vvv
# Test Nextcloud automatically
if ! nextcloud_occ_no_check -V
then
msg_box "Something failed while restoring Nextcloud.\nPlease try again!"
exit 1
fi
# Restart samba
if is_this_installed samba
then
print_text_in_color "$ICyan" "Restarting Samba..."
update-rc.d smbd defaults
update-rc.d smbd enable
service smbd restart
update-rc.d nmbd enable
service nmbd restart
fi
# Test Nextcloud manually
msg_box "The time has come to login to your Nextcloud in a Browser \
by opening 'https://$ADDRESS' to check if Nextcloud works as expected.
(e.g. check the Nextcloud logs and try out all installed apps).
If yes, just press '[ENTER]'."
# Last popup
msg_box "Restore completed!\n
You can now simply reinstall all apps and addons that were installed on your server before!\n
Those need to get installed (if they were installed on the old server before):
Geoblocking, Disk Monitoring, Fail2Ban, ClamAV, SMTP Mail, DDclient, Activate TLS, OnlyOffice, Push Notifications for Nextcloud, \
High-Performance backend for Nextcloud Talk, Whiteboard for Nextcloud, Extract for Nextcloud, Vaultwarden, Pi-hole, PiVPN, \
Plex Media Server, Previewgenerator, Remotedesktop and Midnight Commander.\n
Note:
Vaultwarden and Plex Media Server files were restored (if they were installed before) but the containers need to get \
installed again to make them run with the restored files."
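Review bot: The database pre-check and the actual restore in this removed restore flow disagree, and the mismatch only shows up after the destructive steps have run. The pre-check accepts either `$SYSTEM_DIR/$SCRIPTS/nextclouddb.sql` or `nextclouddb.dump` from the mounted archive, but the restore step only looks for `$SCRIPTS/nextclouddb.dump`. An archive that carries only the `.sql` file passes the first test, gets `rm -rf "$NCPATH"`, `rm -rf "$NCDATA"`, `DROP DATABASE nextcloud_db;` and `CREATE DATABASE`, and then exits with "Did not find database dump. Cannot continue.", leaving an empty database, maintenance mode on and Apache stopped. If any of this logic is kept elsewhere after the cleanup, test for the exact file that will be fed to `psql` before maintenance mode is enabled. Related: `DB_PASSWORD` and `OLD_DB_USER` are parsed from the archive's `config.php` and spliced into `psql -c "ALTER USER ..."` and `CREATE USER $OLD_DB_USER ...` strings, so a quote in either value changes the SQL that runs as `postgres`; those values should be validated or passed as psql variables instead.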


@ -1,284 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Rsync Backup"
SCRIPT_EXPLAINER="This script creates the off-shore backup of your server."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
LVM_MOUNT="/system"
START_TIME=$(date +%s)
CURRENT_DATE=$(date --date @"$START_TIME" +"%Y%m%d_%H%M%S")
CURRENT_DATE_READABLE=$(date --date @"$START_TIME" +"%d.%m.%Y - %H:%M:%S")
LOG_FILE="$VMLOGS/rsyncbackup-$CURRENT_DATE.log"
# This is needed for running via cron
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
# Functions
inform_user() {
echo -e "\n\n# $2"
print_text_in_color "$1" "$2"
}
paste_log_file() {
cat "$LOG_FILE" >> "$RSYNC_BACKUP_LOG"
echo -e "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n" >> "$RSYNC_BACKUP_LOG"
}
remove_log_file() {
rm "$LOG_FILE"
}
show_drive_usage() {
inform_user "$ICyan" "Showing drive usage..."
lsblk -o FSUSE%,SIZE,MOUNTPOINT,NAME | grep -v "loop[0-9]" | grep "%" | sed 's|`-||;s/|-//;s/ | //'
echo ""
df -h | grep -v "loop[0-9]" | grep -v "tmpfs" | grep -v "^udev" | grep -v "^overlay"
}
send_error_mail() {
if [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
inform_user "$ICyan" "Unmounting the off-shore backup drive..."
umount "$BACKUP_MOUNTPOINT"
fi
if [ -d "$BACKUP_SOURCE_DIRECTORY" ]
then
if [ -z "$DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE" ]
then
inform_user "$ICyan" "Unmounting the backup drive..."
umount "$BACKUP_SOURCE_MOUNTPOINT"
fi
fi
get_expiration_time
inform_user "$IRed" "Off-shore backup sent error on $END_DATE_READABLE ($DURATION_READABLE)"
inform_user "$IRed" "Off-shore backup failed! $1"
if ! send_mail "Off-shore backup failed! $1" "$(cat "$LOG_FILE")"
then
notify_admin_gui \
"Off-shore backup failed! Though mail sending didn't work!" \
"Please look at the log file $LOG_FILE if you want to find out more."
paste_log_file
else
paste_log_file
remove_log_file
fi
exit 1
}
re_rename_snapshot() {
inform_user "$ICyan" "Re-renaming the snapshot..."
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot
then
return 1
else
return 0
fi
}
get_expiration_time() {
END_TIME=$(date +%s)
END_DATE_READABLE=$(date --date @"$END_TIME" +"%d.%m.%Y - %H:%M:%S")
DURATION=$((END_TIME-START_TIME))
DURATION_SEC=$((DURATION % 60))
DURATION_MIN=$(((DURATION / 60) % 60))
DURATION_HOUR=$((DURATION / 3600))
DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC)
}
# Write output to logfile.
exec > >(tee -i "$LOG_FILE")
exec 2>&1
# Send mail that backup was started
if ! send_mail "Off-shore backup started!" "You will be notified again when the backup is finished!
Please don't restart or shutdown your server until then!"
then
notify_admin_gui "Off-shore backup started!" "You will be notified again when the backup is finished!
Please don't restart or shutdown your server until then!"
fi
# Start backup
inform_user "$IGreen" "Off-shore backup started! $CURRENT_DATE_READABLE"
# Check if the file exists
if ! [ -f "$SCRIPTS/off-shore-rsync-backup.sh" ]
then
send_error_mail "The off-shore-rsync-backup.sh doesn't exist."
fi
# Check if all needed variables are there (they get exported by the local off-shore-rsync-backup.sh)
if [ -z "$BACKUP_TARGET_DIRECTORY" ] || [ -z "$BACKUP_MOUNTPOINT" ] || [ -z "$RSYNC_BACKUP_LOG" ] \
|| [ -z "$BACKUP_SOURCE_MOUNTPOINT" ] || [ -z "$BACKUP_SOURCE_DIRECTORY" ]
then
send_error_mail "Didn't get all needed variables."
fi
# Check if pending snapshot is existing and cancel the backup in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1
msg_box "The snapshot pending does exist. Can currently not proceed.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
send_error_mail "NcVM-snapshot-pending exists. Please try again later!"
fi
# Check if snapshot can get created
if ! does_snapshot_exist "NcVM-snapshot"
then
send_error_mail "NcVM-snapshot doesn't exists."
fi
# Check if at least one daily backup drive has run
BORGBACKUP_LOG="$(grep "^export BORGBACKUP_LOG" "$SCRIPTS/daily-borg-backup.sh" \
| sed 's|.*BORGBACKUP_LOG="||' | sed 's|"$||')"
if [ -z "$BORGBACKUP_LOG" ] || ! [ -f "$BORGBACKUP_LOG" ] || ! grep -q "Backup finished on" "$BORGBACKUP_LOG"
then
send_error_mail "Not even one daily backup was successfully created. Please wait for that first."
fi
# Prepare backup repository
inform_user "$ICyan" "Mounting the daily backup drive..."
if ! [ -d "$BACKUP_SOURCE_DIRECTORY" ]
then
mount "$BACKUP_SOURCE_MOUNTPOINT" &>/dev/null
if ! [ -d "$BACKUP_SOURCE_DIRECTORY" ]
then
send_error_mail "Could not mount the daily backup drive. Is it connected?"
fi
fi
# Prepare backup repository
inform_user "$ICyan" "Mounting the off-shore backup drive..."
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
mount "$BACKUP_MOUNTPOINT" &>/dev/null
if ! [ -d "$BACKUP_TARGET_DIRECTORY" ]
then
send_error_mail "Could not mount the off-shore backup drive. Please connect it!"
fi
fi
# Check daily backup
rm -f /tmp/DAILY_BACKUP_CHECK_SUCCESSFUL
export SKIP_DAILY_BACKUP_CREATION=1
bash "$SCRIPTS/daily-borg-backup.sh"
if ! [ -f "/tmp/DAILY_BACKUP_CHECK_SUCCESSFUL" ]
then
send_error_mail "Daily backup check failed!" \
"Backup check was unsuccessful! $(date +%T)"
fi
# Test if btrfs volume
if grep " $BACKUP_MOUNTPOINT " /etc/mtab | grep -q btrfs
then
IS_BTRFS_PART=1
mkdir -p "$BACKUP_MOUNTPOINT/.snapshots"
btrfs subvolume snapshot -r "$BACKUP_MOUNTPOINT" "$BACKUP_MOUNTPOINT/.snapshots/@$CURRENT_DATE"
while [ "$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt 4 ]
do
DELETE_SNAP="$(find "$BACKUP_MOUNTPOINT/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)"
btrfs subvolume delete "$DELETE_SNAP"
done
fi
# Check if pending snapshot is existing and cancel the backup in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
DO_NOT_UMOUNT_DAILY_BACKUP_DRIVE=1
msg_box "The snapshot pending does exist. Can currently not proceed.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
send_error_mail "NcVM-snapshot-pending exists. Please try again later!"
fi
# Rename the snapshot to represent that the backup is pending
inform_user "$ICyan" "Renaming the snapshot..."
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending
then
send_error_mail "Could not rename the snapshot to snapshot-pending."
fi
# Create the backup
inform_user "$ICyan" "Creating the off-shore backup..."
if ! rsync --archive --human-readable --delete --stats "$BACKUP_SOURCE_DIRECTORY/" "$BACKUP_TARGET_DIRECTORY"
then
show_drive_usage
re_rename_snapshot
send_error_mail "Something failed during the rsync job."
fi
# Adjust permissions and scrub volume
if [ -n "$IS_BTRFS_PART" ]
then
inform_user "$ICyan" "Adjusting permissions..."
find "$BACKUP_MOUNTPOINT/" -not -path "$BACKUP_MOUNTPOINT/.snapshots/*" \
\( ! -perm 600 -o ! -group root -o ! -user root \) -exec chmod 600 {} \; -exec chown root:root {} \;
inform_user "$ICyan" "Making sure that all data is written out correctly by waiting 10 min..."
# This fixes an issue where checksums are not yet created before the scrub command runs which then reports checksum errors
if ! sleep 10m
then
re_rename_snapshot
send_error_mail "Some errors were reported while waiting for the data to get written out."
fi
inform_user "$ICyan" "Scrubbing BTRFS partition..."
if ! btrfs scrub start -B "$BACKUP_MOUNTPOINT"
then
re_rename_snapshot
send_error_mail "Some errors were reported while scrubbing the BTRFS partition."
fi
fi
# Rename the snapshot back to normal
if ! re_rename_snapshot
then
send_error_mail "Could not rename the snapshot-pending to snapshot."
fi
# Print usage of drives into log
show_drive_usage
# Unmount the backup drive
inform_user "$ICyan" "Unmounting the off-shore backup drive..."
if mountpoint -q "$BACKUP_MOUNTPOINT" && ! umount "$BACKUP_MOUNTPOINT"
then
send_error_mail "Could not unmount the off-shore backup drive!"
fi
# Unmount the backup drive
inform_user "$ICyan" "Unmounting the daily backup drive..."
if mountpoint -q "$BACKUP_SOURCE_MOUNTPOINT" && ! umount "$BACKUP_SOURCE_MOUNTPOINT"
then
send_error_mail "Could not unmount the daily backup drive!"
fi
# Resetting the timer for off-shore backups
inform_user "$ICyan" "Resetting the timer for off-shore backups..."
sed -i 's|^DAYS_SINCE_LAST_BACKUP.*|DAYS_SINCE_LAST_BACKUP=0|' "$SCRIPTS/off-shore-rsync-backup.sh"
# Show expiration time
get_expiration_time
inform_user "$IGreen" "Off-shore backup finished on $END_DATE_READABLE ($DURATION_READABLE)"
# Send mail about successful backup
if ! send_mail "Off-shore backup successful! You can now disconnect the off-shore backup drive!" "$(cat "$LOG_FILE")"
then
notify_admin_gui \
"Off-shore backup successful! Though mail sending didn't work!" \
"You can now disconnect the off-shore backup drive! \
Please look at the log file $LOG_FILE if you want to find out more."
paste_log_file
else
paste_log_file
remove_log_file
fi
exit
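Review bot: In the btrfs branch of this removed off-shore backup script, the exit status of `btrfs subvolume snapshot -r "$BACKUP_MOUNTPOINT" ...` is never checked, so the later `rsync --archive --human-readable --delete --stats` can run against the target without a read-only snapshot of its previous contents having been taken. The pruning loop directly after it has the same gap: if `btrfs subvolume delete "$DELETE_SNAP"` fails, the `-gt 4` condition never changes and the loop does not terminate. If this logic is kept anywhere after the cleanup, both calls should go through `send_error_mail` on failure, the way `lvrename` and `btrfs scrub start -B` already do. A smaller point: `send_error_mail "Daily backup check failed!" "Backup check was unsuccessful! $(date +%T)"` passes a second argument that the function never reads, since it only uses `$1`.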

File diff suppressed because it is too large


@ -1,553 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="System Restore"
SCRIPT_EXPLAINER="This script let's you restore your system- and boot-partition to a previous state."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Variables
DAILY_BACKUP_FILE="$SCRIPTS/daily-borg-backup.sh"
OFFSHORE_BACKUP_FILE="$SCRIPTS/off-shore-rsync-backup.sh"
# Functions
restore_original_state() {
# Restore original cache and security folder
if [ "$BACKUP_MOUNTPOINT" = "$OFFSHORE_BACKUP_MOUNTPOINT" ]
then
rm -r /root/.config/borg/security
mv /root/.config/borg/security.bak/ /root/.config/borg/security
rm -r /root/.cache/borg
mv /root/.cache/borg.bak/ /root/.cache/borg
fi
# Re-rename the snapshot to represent that it is done
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot-pending /dev/ubuntu-vg/NcVM-snapshot
then
msg_box "Could not re-rename the snapshot. Please reboot your server!"
exit 1
fi
# Unmount the backup drive
sleep 1
if ! umount "$BACKUP_MOUNTPOINT"
then
msg_box "Something went wrong while unmounting the backup drive."
exit 1
fi
}
# Ask for execution
msg_box "$SCRIPT_EXPLAINER"
if ! yesno_box_yes "Do you want to restore your system to a previous state?"
then
exit
fi
# Check if restore is possible
if ! [ -f "$DAILY_BACKUP_FILE" ]
then
msg_box "It seems like you haven't set up daily borg backups.
Please do that before you can view backups."
exit 1
fi
# Get needed variables
ENCRYPTION_KEY="$(grep "ENCRYPTION_KEY=" "$DAILY_BACKUP_FILE" | sed "s|.*ENCRYPTION_KEY=||;s|'||g;s|\"||g")"
DAILY_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')"
DAILY_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$DAILY_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')"
if [ -z "$ENCRYPTION_KEY" ] || [ -z "$DAILY_BACKUP_FILE" ] || [ -z "$DAILY_BACKUP_FILE" ]
then
msg_box "Some daily backup variables are empty. This is wrong."
exit 1
fi
# Also get variables from the offshore backup file
if [ -f "$OFFSHORE_BACKUP_FILE" ]
then
OFFSHORE_BACKUP_MOUNTPOINT="$(grep "BACKUP_MOUNTPOINT=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_MOUNTPOINT="||;s|"||')"
OFFSHORE_BACKUP_TARGET="$(grep "BACKUP_TARGET_DIRECTORY=" "$OFFSHORE_BACKUP_FILE" | sed 's|.*BACKUP_TARGET_DIRECTORY="||;s|"||')"
if [ -z "$OFFSHORE_BACKUP_MOUNTPOINT" ] ||[ -z "$OFFSHORE_BACKUP_TARGET" ]
then
msg_box "Some off-shore backup variables are empty. This is wrong."
exit 1
fi
fi
# Check if pending snapshot is existing and cancel the viewing in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "The snapshot pending does exist. Can currently not show the backup.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
fi
# Check if startup snapshot is existing and cancel the viewing in this case.
if does_snapshot_exist "NcVM-startup"
then
msg_box "The snapshot startup does exist.
Please run the update script first."
exit 1
fi
# Check if snapshot can get renamed
if ! does_snapshot_exist "NcVM-snapshot"
then
msg_box "The NcVM-snapshot doesn't exist. This isn't allowed."
exit 1
fi
# Ask if a backup was created
msg_box "It is recommended to make a backup and/or snapshot of your NcVM before restoring the system."
if ! yesno_box_no "Have you made a backup of your NcVM?"
then
if ! yesno_box_yes "Do you want to run the backup now?"
then
exit 1
fi
rm -f /tmp/DAILY_BACKUP_CREATION_SUCCESSFUL
export SKIP_DAILY_BACKUP_CHECK=1
bash "$DAILY_BACKUP_FILE"
if ! [ -f "/tmp/DAILY_BACKUP_CREATION_SUCCESSFUL" ]
then
if ! yesno_box_no "It seems like the backup was not successful. Do you want to continue nonetheless? (Not recommended!)"
then
exit 1
fi
fi
fi
print_text_in_color "$ICyan" "Checking which backup drives are connected. This can take a while..."
# View backup repository menu
args=(whiptail --title "$TITLE" --menu \
"Please select the backup repository that you want to view.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Check if at least one drive is connected
DAILY=1
if ! [ -d "$DAILY_BACKUP_TARGET" ]
then
mount "$DAILY_BACKUP_MOUNTPOINT" &>/dev/null
if ! [ -d "$DAILY_BACKUP_TARGET" ]
then
DAILY=""
fi
umount "$DAILY_BACKUP_MOUNTPOINT" &>/dev/null
fi
if [ -f "$OFFSHORE_BACKUP_FILE" ]
then
OFFSHORE=1
if ! [ -d "$OFFSHORE_BACKUP_TARGET" ]
then
mount "$OFFSHORE_BACKUP_MOUNTPOINT" &>/dev/null
if ! [ -d "$OFFSHORE_BACKUP_TARGET" ]
then
OFFSHORE=""
fi
fi
umount "$OFFSHORE_BACKUP_MOUNTPOINT" &>/dev/null
fi
if [ -z "$DAILY" ] && [ -z "$OFFSHORE" ]
then
msg_box "Not even one backup drive is connected.
You must connect one if you want to view a backup."
exit 1
fi
# Get which one is connected
if [ -n "$DAILY" ]
then
args+=("$DAILY_BACKUP_TARGET" " Daily Backup Repository")
fi
if [ -n "$OFFSHORE" ]
then
args+=("$OFFSHORE_BACKUP_TARGET" " Off-Shore Backup Repository")
fi
# Show the menu
choice=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$choice" ]
then
msg_box "No target selected. Exiting."
exit 1
fi
# Check the boot mountpoint
if mountpoint -q /tmp/borgboot
then
umount /tmp/borgboot
if mountpoint -q /tmp/borgboot
then
msg_box "There is still something mounted on /tmp/borgboot. Cannot proceed."
exit 1
fi
fi
# Check the system mountpoint
if mountpoint -q /tmp/borgsystem
then
umount /tmp/borgsystem
if mountpoint -q /tmp/borgsystem
then
msg_box "There is still something mounted on /tmp/borgsystem. Cannot proceed."
exit 1
fi
fi
# Check if /mnt/ncdata exists
if grep -q " /mnt/ncdata " /etc/mtab
then
NCDATA_PART_EXISTS=yes
fi
# Check the ncdata mountpoint
if [ -n "$NCDATA_PART_EXISTS" ]
then
if mountpoint -q /tmp/borgncdata
then
umount /tmp/borgboot
if mountpoint -q /tmp/borgncdata
then
msg_box "There is still something mounted on /tmp/borgncdata. Cannot proceed."
exit 1
fi
fi
fi
# Check if pending snapshot is existing and cancel the restore process in this case.
if does_snapshot_exist "NcVM-snapshot-pending"
then
msg_box "The snapshot pending does exist. Can currently not restore the backup.
Please try again later.\n
If you are sure that no update or backup is currently running, you can fix this by rebooting your server."
exit 1
fi
# Rename the snapshot to represent that the backup is locked
if ! lvrename /dev/ubuntu-vg/NcVM-snapshot /dev/ubuntu-vg/NcVM-snapshot-pending
then
msg_box "Could not rename the snapshot. Please reboot your server!"
exit 1
fi
# Find out which one was selected
BACKUP_TARGET_DIRECTORY="$choice"
if [ "$BACKUP_TARGET_DIRECTORY" = "$DAILY_BACKUP_TARGET" ]
then
BACKUP_MOUNTPOINT="$DAILY_BACKUP_MOUNTPOINT"
elif [ "$BACKUP_TARGET_DIRECTORY" = "$OFFSHORE_BACKUP_TARGET" ]
then
BACKUP_MOUNTPOINT="$OFFSHORE_BACKUP_MOUNTPOINT"
# Work around issue with borg
# https://github.com/borgbackup/borg/issues/3428#issuecomment-380399036
mv /root/.config/borg/security/ /root/.config/borg/security.bak
mv /root/.cache/borg/ /root/.cache/borg.bak
fi
# Mount the backup drive
if ! mount "$BACKUP_MOUNTPOINT"
then
msg_box "Could not mount the backup drive."
restore_original_state
exit 1
fi
# Export passphrase
export BORG_PASSPHRASE="$ENCRYPTION_KEY"
# Break the borg lock if it exists because we have the snapshot that prevents such situations
if [ -f "$BACKUP_TARGET_DIRECTORY/lock.roster" ]
then
print_text_in_color "$ICyan" "Breaking the borg lock..."
borg break-lock "$BACKUP_TARGET_DIRECTORY"
fi
# Find available archives
ALL_ARCHIVES=$(borg list "$BACKUP_TARGET_DIRECTORY")
SYSTEM_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-system-partition" | awk -F "-" '{print $1}' | sort -r)
mapfile -t SYSTEM_ARCHIVES <<< "$SYSTEM_ARCHIVES"
BOOT_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-boot-partition" | awk -F "-" '{print $1}' | sort -r)
mapfile -t BOOT_ARCHIVES <<< "$BOOT_ARCHIVES"
NCDATA_ARCHIVES=$(echo "$ALL_ARCHIVES" | grep "NcVM-ncdata-partition" | awk -F "-" '{print $1}' | sort -r)
if [ -n "$NCDATA_ARCHIVES" ]
then
NCDATA_ARCHIVE_EXISTS=yes
fi
mapfile -t NCDATA_ARCHIVES <<< "$NCDATA_ARCHIVES"
# Check if the setup is correct
if [ "$NCDATA_PART_EXISTS" != "$NCDATA_ARCHIVE_EXISTS" ]
then
msg_box "Cannot restore the system since either the ncdata partition doesn't exist and is in the repository \
or the partition exists and isn't in the repository."
restore_original_state
exit 1
fi
# Find valid archives
for system_archive in "${SYSTEM_ARCHIVES[@]}"
do
for boot_archive in "${BOOT_ARCHIVES[@]}"
do
if [ -n "$NCDATA_ARCHIVE_EXISTS" ]
then
for ncdata_archive in "${NCDATA_ARCHIVES[@]}"
do
if [ "$system_archive" = "$boot_archive" ] && [ "$system_archive" = "$ncdata_archive" ]
then
VALID_ARCHIVES+=("$system_archive")
continue
fi
done
elif [ "$system_archive" = "$boot_archive" ]
then
VALID_ARCHIVES+=("$system_archive")
continue
fi
done
done
# Test if at least one valid archive was found
if [ -z "${VALID_ARCHIVES[*]}" ]
then
msg_box "Not even one valid archive found. Cannot continue."
restore_original_state
exit 1
fi
# Create menu to select from available archives
unset args
args=(whiptail --title "$TITLE" --menu \
"Please select the backup archive that you want to restore.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
for valid_archive in "${VALID_ARCHIVES[@]}"
do
HUMAN_DATE=$(echo "$ALL_ARCHIVES" | grep "$valid_archive" | head -1 | awk '{print $3}')
HUMAN_TIME=$(echo "$ALL_ARCHIVES" | grep "$valid_archive" | head -1 | awk '{print $4}')
args+=("$valid_archive" "The backup was made on $HUMAN_DATE $HUMAN_TIME")
done
# Show the menu
choice=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$choice" ]
then
msg_box "No archive selected. Exiting."
restore_original_state
exit 1
else
SELECTED_ARCHIVE="$choice"
fi
# Inform user
msg_box "We've implemented the option to test the extraction of the backup before we start the restore process.
This can take a lot of time though and is because of that not the default."
if yesno_box_no "Do you want to test the extraction of the backup nonetheless?"
then
print_text_in_color "$ICyan" "Checking the system partition archive integrity. Please be patient!"
mkdir -p /tmp/borgextract
cd /tmp/borgextract
if ! borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-system-partition"
then
msg_box "Some errors were reported while checking the system partition archive integrity."
restore_original_state
exit 1
fi
print_text_in_color "$ICyan" "Checking the boot partition archive integrity. Please be patient!"
if ! borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-boot-partition"
then
msg_box "Some errors were reported while checking the boot partition archive integrity."
restore_original_state
exit 1
fi
if [ -n "$NCDATA_ARCHIVE_EXISTS" ]
then
print_text_in_color "$ICyan" "Checking the ncdata partition archive integrity. Please be patient!"
if ! borg extract --dry-run --list "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-ncdata-partition"
then
msg_box "Some errors were reported while checking the ncdata partition archive integrity."
restore_original_state
exit 1
fi
fi
msg_box "The extraction of the backup was tested successfully!"
fi
print_text_in_color "$ICyan" "Mounting all needed directories from the backup now. This can take a while..."
# Mount system archive
mkdir -p /tmp/borgsystem
if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-system-partition" /tmp/borgsystem
then
msg_box "Something failed while mounting the system partition archive. Please try again."
restore_original_state
exit 1
fi
# Mount boot archive
mkdir -p /tmp/borgboot
if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-boot-partition" /tmp/borgboot
then
msg_box "Something failed while mounting the boot partition archive. Please try again."
umount /tmp/borgsystem
restore_original_state
exit 1
fi
# Mount ncdata archive
if [ -n "$NCDATA_ARCHIVE_EXISTS" ]
then
mkdir -p /tmp/borgncdata
if ! borg mount "$BACKUP_TARGET_DIRECTORY::$SELECTED_ARCHIVE-NcVM-ncdata-partition" /tmp/borgncdata
then
msg_box "Something failed while mounting the ncdata partition archive. Please try again."
umount /tmp/borgsystem
umount /tmp/borgboot
restore_original_state
exit 1
fi
fi
# Check if all system entries are there
SYS_DRIVES=$(grep "^/dev/disk/by-" /etc/fstab | grep defaults | awk '{print $1}')
mapfile -t SYS_DRIVES <<< "$SYS_DRIVES"
for drive in "${SYS_DRIVES[@]}"
do
if ! grep -q "$drive" /tmp/borgsystem/system/etc/fstab
then
msg_box "Cannot restore to this archive point since fstab entries are missing/not there.
This might be because the archive was created on a different Ubuntu installation."
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata &>/dev/null
restore_original_state
exit 1
fi
done
# Exclude some dirs; mnt, media, sys, prob don't need to be excluded because of the usage of --one-file-system flag
EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache root/.config/borg var/cache \
lost+found run var/run tmp var/tmp etc/lvm/archive snap "home/plex/config/Library/Application Support/Plex Media Server/Cache")
# Allow to disable restoring of Previews
if ! yesno_box_yes "Do you want to restore Nextclouds previews? This might slow down the restore process by a lot.
If you select 'No', the preview folder will be excluded from the restore process which can lead to preview issues in Nextcloud."
then
PREVIEW_EXCLUDED=("--exclude=/appdata_"*/preview/)
EXCLUDED_DIRECTORIES+=("$NCDATA"/appdata_*/preview)
fi
for directory in "${EXCLUDED_DIRECTORIES[@]}"
do
directory="${directory#/*}"
EXCLUDE_DIRS+=(--exclude="/$directory/")
done
# Inform user
if ! yesno_box_no "Are you sure that you want to restore your system to the selected state?
Please note that this will also restore the Bitwarden RS/Vaultwarden/Bitwarden database so newly created passwords that were created in the meantime since this backup will get deleted.
If you select 'Yes', we will start the restore process!"
then
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata &>/dev/null
restore_original_state
exit 1
fi
# Inform user
msg_box "We will now start the restore process. Please wait until you see the next popup! This can take a while!"
# Start the restore
print_text_in_color "$ICyan" "Starting the restore process..."
# Check if dpkg or apt is running
is_process_running apt
is_process_running dpkg
# Stop services
print_text_in_color "$ICyan" "Stopping services..."
if is_docker_running
then
systemctl stop docker
fi
nextcloud_occ_no_check maintenance:mode --on
systemctl stop postgresql
# Restore the system partition
print_text_in_color "$ICyan" "Restoring the files..."
if ! rsync --archive --human-readable --delete --one-file-system \
-vv "${EXCLUDE_DIRS[@]}" /tmp/borgsystem/system/ /
then
SYSTEM_RESTORE_FAILED=1
fi
# Restore the boot partition
if ! rsync --archive --human-readable -vv --delete /tmp/borgboot/boot/ /boot
then
if [ "$SYSTEM_RESTORE_FAILED" = 1 ]
then
msg_box "Something failed while restoring the system partition."
fi
msg_box "Something failed while restoring the boot partition."
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata &>/dev/null
restore_original_state
exit 1
fi
if [ "$SYSTEM_RESTORE_FAILED" = 1 ]
then
msg_box "Something failed while restoring the system partition."
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata &>/dev/null
restore_original_state
exit 1
fi
# Restore the ncdata partition
if [ -n "$NCDATA_ARCHIVE_EXISTS" ]
then
if ! rsync --archive --human-readable --delete --one-file-system \
-vv "${PREVIEW_EXCLUDED[*]}" /tmp/borgncdata/ncdata/ /mnt/ncdata
then
msg_box "Something failed while restoring the ncdata partition."
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata
restore_original_state
exit 1
fi
fi
# Start services
print_text_in_color "$ICyan" "Starting services..."
systemctl start postgresql
nextcloud_occ_no_check maintenance:mode --off
start_if_stopped docker
# Restore original state
umount /tmp/borgsystem
umount /tmp/borgboot
umount /tmp/borgncdata &>/dev/null
restore_original_state
# Allow to reboot: recommended
msg_box "Congratulations, the restore was successful!\n
It is highly recommended to reboot your server now."
if yesno_box_yes "Do you want to reboot now?"
then
reboot
fi
exit
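Review bot: the ncdata restore near the end of this file passes `"${PREVIEW_EXCLUDED[*]}"` to rsync, and that array is only set when the user declines to restore previews. When it is unset, the quoted `[*]` form still expands to one empty argument, so rsync receives an empty string as an extra path argument ahead of `/tmp/borgncdata/ncdata/`, in a command that runs with `--delete` against `/mnt/ncdata`. Use `"${PREVIEW_EXCLUDED[@]}"`, which expands to nothing for an empty array, as the system-partition rsync already does with `"${EXCLUDE_DIRS[@]}"`.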


@ -1,142 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="TPM2 Unlock"
SCRIPT_EXPLAINER="This script helps automatically unlocking the root partition during boot \
and securing your GRUB (bootloader)."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check if already installed
if is_this_installed clevis-luks || is_this_installed clevis-tpm2 || is_this_installed clevis-initramfs
then
msg_box "It seems like clevis-luks is already installed.\nThis script can unfortunately not run twice."
exit 1
else
# Ask for installation
install_popup "$SCRIPT_NAME"
fi
# Make some pre-requirements
if lshw -quiet | grep -q "driver=nvme" && ! grep -q "nvme_core.default_ps_max_latency_us" /etc/default/grub
then
print_text_in_color "$ICyan" "Configuring necessary pre-requirements..."
# shellcheck disable=1091
source /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT+=" nvme_core.default_ps_max_latency_us=5500"
sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$GRUB_CMDLINE_LINUX_DEFAULT\"|" /etc/default/grub
if ! update-grub
then
msg_box "Something failed during update-grub. Please report this to $ISSUES"
fi
fi
# Test if device is present
# https://github.com/noobient/noobuntu/wiki/Full-Disk-Encryption#tpm-2
if ! dmesg | grep -i "tpm" | grep -q "2\.0"
then
msg_box "No TPM 2.0 device found."
exit 1
fi
ENCRYPTED_DEVICE="$(lsblk -o KNAME,FSTYPE | grep "crypto_LUKS" | awk '{print $1}')"
if [ -z "$ENCRYPTED_DEVICE" ]
then
msg_box "No encrypted device found."
exit 1
fi
mapfile -t ENCRYPTED_DEVICE <<< "$ENCRYPTED_DEVICE"
if [ "${#ENCRYPTED_DEVICE[@]}" -gt 1 ]
then
msg_box "More than one encrypted device found. This is not supported."
exit 1
fi
# Enter the password
PASSWORD="$(input_box_flow "Please enter the password for your root partition
If you want to cancel, just type in 'exit' and press [ENTER].")"
if [ "$PASSWORD" = 'exit' ]
then
exit 1
fi
# Install needed tools
apt-get install clevis-tpm2 clevis-luks clevis-initramfs -y
# Execute the script
print_text_in_color "$ICyan" "Setting up automatic unlocking via TPM2..."
if ! echo "$PASSWORD" | clevis luks bind -k - -d "/dev/${ENCRYPTED_DEVICE[*]}" tpm2 '{"pcr_bank":"sha256","pcr_ids":"7"}'
then
msg_box "Something has failed while trying to configure clevis luks.
We will now uninstall all needed packets again, so that you are able to start over."
apt-get purge clevis-tpm2 clevis-luks clevis-initramfs -y
apt-get autoremove -y
msg_box "All installed packets were successfully removed."
exit 1
fi
print_text_in_color "$ICyan" "Updating initramfs..."
if ! update-initramfs -u -k 'all'
then
msg_box "Errors during initramfs update"
exit 1
fi
PASSWORD=$(input_box_flow "Please enter a new password that will secure your GRUB (bootloader).")
# Set grub password
# https://selivan.github.io/2017/12/21/grub2-password-for-all-but-default-menu-entries.html
GRUB_PASS="$(echo -e "$PASSWORD\n$PASSWORD" | grub-mkpasswd-pbkdf2 | grep -oP 'grub\.pbkdf2\.sha512\.10000\..*')"
if [ -n "${PASSWORD##grub.pbkdf2.sha512.10000.}" ]
then
cat << GRUB_CONF >> /etc/grub.d/40_custom
# Password-protect GRUB
set superusers="grub"
password_pbkdf2 grub $GRUB_PASS
GRUB_CONF
# Allow to run the default grub options without requiring the grub password
if ! grep -q '^CLASS=.*--unrestricted"' /etc/grub.d/10_linux && grep -q '^CLASS=.*"$' /etc/grub.d/10_linux
then
sed -i '/^CLASS=/s/"$/ --unrestricted"/' /etc/grub.d/10_linux
fi
else
msg_box "Something went wrong while setting the grub password. \
Please report this to $ISSUES"
exit 1
fi
# Adjust grub (https://github.com/nextcloud/vm/issues/1694)
if ! grep -q "GRUB_DISABLE_OS_PROBER" /etc/default/grub
then
echo "GRUB_DISABLE_OS_PROBER=true" >> /etc/default/grub
fi
# Update grub
print_text_in_color "$ICyan" "Updating grub..."
update-grub
# Don't allow to update shim, otherwise the automatic unlocking might break
if ! apt-mark hold shim
then
msg_box "Could not hold shim.
Please report this to $ISSUES"
fi
# Inform user
msg_box "TPM2 Unlock and securing your GRUB (bootloader) was set up successfully.
We will reboot after you hit okay.\n
Please check if it automatically unlocks the root partition.
If not something has failed."
reboot
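Review bot: the guard after `grub-mkpasswd-pbkdf2` tests the wrong variable. `[ -n "${PASSWORD##grub.pbkdf2.sha512.10000.}" ]` inspects the plaintext PASSWORD, so it is true for any non-empty password even when GRUB_PASS came back empty, and `password_pbkdf2 grub` is then appended to /etc/grub.d/40_custom without a hash before `update-grub` runs. Test the hash itself, for example `[ -n "$GRUB_PASS" ]`, before writing the file. The `source <(curl -sL` fallback on the lib.sh line also runs whatever that URL returns with no integrity check, which deserves at least a pinned commit and a checksum in a script that goes on to bind the LUKS key and rewrite the bootloader config.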


@ -1,434 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Veracrypt"
SCRIPT_EXPLAINER="This script automates formatting, encrypting and mounting drives with Veracrypt."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
if ! is_this_installed veracrypt
then
if ! yesno_box_yes "Do you want to install $SCRIPT_NAME?"
then
exit 1
fi
msg_box "Please note that in order to install Veracrypt on your server, \
we need to add a 3rd Party PPA, which theoretically could set your server under risk."
if ! yesno_box_yes "Do you want to continue nonetheless?"
then
exit 1
fi
msg_box "We will now install Veracrypt. This can take a long time. Please be patient!"
add-apt-repository ppa:unit193/encryption -y
apt-get update -q4 & spinner_loading
apt-get install veracrypt --no-install-recommends -y
fi
# Discover drive
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
exit 1
fi
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the drive that you would like to format and encrypt with Veracrypt.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}')
args+=("/dev/$drive" " $DRIVE_DESCRIPTION")
done
# Show the drive menu
DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$DEVICE" ]
then
exit 1
fi
# Ask for password
while :
do
PASSWORD=$(input_box_flow "Please enter the Password that you would like to use for encrypting your drive '$DEVICE'
It should be a strong password.
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$PASSWORD" = "exit" ]
then
exit 1
fi
if yesno_box_no "Have you saved the password at a safe place?"
then
break
fi
done
# Last info box
if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' and encrypt it?
All current files on the drive will be erased!
Select 'Yes' to continue with the process. Select 'No' to cancel."
then
exit 1
fi
# Inform user
msg_box "We will now format the drive '$DEVICE' and encrypt it with Veracrypt. Please be patient!"
# Wipe drive
dd if=/dev/urandom of="$DEVICE" bs=1M count=2
parted "$DEVICE" mklabel gpt --script
parted "$DEVICE" mkpart primary 0% 100% --script
# Wait so that veracrypt doesn't fail
sleep 1
# Format drive
# https://relentlesscoding.com/posts/encrypt-device-with-veracrypt-from-the-command-line/
if ! echo "$PASSWORD" \
| veracrypt --text --quick \
--non-interactive \
--create "$DEVICE"1 \
--volume-type=normal \
--encryption=AES \
--hash=SHA-512 \
--filesystem=Btrfs \
--stdin > /dev/null
then
msg_box "Something failed while encrypting with Veracrypt."
exit 1
fi
# Inform user
msg_box "Formatting and encryption with Veracrypt was successful!"
# Mount it
if ! yesno_box_yes "Do you want to mount the encrypted partition to your server?"
then
exit 1
fi
# Get PARTUUID
PARTUUID=$(lsblk -o PATH,PARTUUID | grep "^$DEVICE"1 | awk '{print $2}')
# Enter the mountpoint
while :
do
MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition.
One example is: '/mnt/data'
The directory has to start with '/mnt/'
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$MOUNT_PATH" = "exit" ]
then
exit 1
elif echo "$MOUNT_PATH" | grep -q " "
then
msg_box "Please don't use spaces!"
elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/"
then
msg_box "The directory has to stat with '/mnt/'"
elif grep -q " $MOUNT_PATH " /etc/fstab
then
msg_box "The mountpoint already exists in fstab. Please try a different one."
elif mountpoint -q "$MOUNT_PATH"
then
msg_box "The mountpoint is already mounted. Please try a different one."
elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata"
then
msg_box "The directory isn't allowed to start with '/mnt/ncdata'"
elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares"
then
msg_box "The directory isn't allowed to start with '/mnt/smbshares'"
else
mkdir -p "$MOUNT_PATH"
if ! echo "$PASSWORD" | veracrypt -t -k "" --pim=0 --protect-hidden=no --fs-options=defaults \
"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH"
then
msg_box "Something failed while trying to mount the Volume. Please try again."
else
break
fi
fi
done
# Create automount script
# Unfortunately the automount via crypttab doesn't work (when using a passphrase-file)
if ! [ -f "$SCRIPTS/veracrypt-automount.sh" ]
then
cat << AUTOMOUNT > "$SCRIPTS/veracrypt-automount.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/veracrypt-automount.sh"
chmod 700 "$SCRIPTS/veracrypt-automount.sh"
# Reset maintenance mode to disabled upon restart
sed -i "/'maintenance'/s/true/false/" "$NCPATH/config/config.php"
# Veracrypt entries
AUTOMOUNT
fi
# Write to file
cat << AUTOMOUNT >> "$SCRIPTS/veracrypt-automount.sh"
if ! echo '$PASSWORD' | veracrypt -t -k "" --pim=0 --protect-hidden=no --fs-options=defaults \
"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH"
then
sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php"
source /var/scripts/fetch_lib.sh
nextcloud_occ_no_check maintenance:mode --on
send_mail "$MOUNT_PATH could not get mounted!" "Please connect the drive and reboot your server! \
The maintenance mode was activated to prevent any issue with Nextcloud. \
You can disable it after the drive is successfully mounted again!"
fi
AUTOMOUNT
# Secure the file
chown root:root "$SCRIPTS/veracrypt-automount.sh"
chmod 700 "$SCRIPTS/veracrypt-automount.sh"
# Test if drive is connected
cat << CONNECTED > "$SCRIPTS/is-drive-connected.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/is-drive-connected.sh"
chmod 700 "$SCRIPTS/is-drive-connected.sh"
# Entries
PARTUUID="\$1"
# Test if drive is connected
while lsblk "/dev/disk/by-partuuid/\$PARTUUID" &>/dev/null
do
sleep 1
done
# Continue if not
if grep -q "'maintenance'" "$NCPATH/config/config.php"
then
sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php"
source /var/scripts/fetch_lib.sh
else
source /var/scripts/fetch_lib.sh
nextcloud_occ_no_check maintenance:mode --on
fi
send_mail "One veracrypt drive is not connected anymore!" "Please connect the drive and reboot your server!
The maintenance mode was activated to prevent any issue with Nextcloud.
A reboot should fix the issue if the drive is successfully connected again."
CONNECTED
# Secure the file
chown root:root "$SCRIPTS/is-drive-connected.sh"
chmod 700 "$SCRIPTS/is-drive-connected.sh"
# Create crontab and start
crontab -u root -l | { cat; echo "@reboot $SCRIPTS/is-drive-connected.sh '$PARTUUID' >/dev/null"; } | crontab -u root -
nohup bash "$SCRIPTS/is-drive-connected.sh" "$PARTUUID" &>/dev/null &
# Adjust permissions at start up
if ! [ -f "$SCRIPTS/adjust-startup-permissions.sh" ]
then
cat << PERMISSIONS > "$SCRIPTS/adjust-startup-permissions.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/adjust-startup-permissions.sh"
chmod 700 "$SCRIPTS/adjust-startup-permissions.sh"
# Entries
PERMISSIONS
fi
cat << PERMISSIONS >> "$SCRIPTS/adjust-startup-permissions.sh"
find "$MOUNT_PATH/" -not -path "$MOUNT_PATH/.snapshots/*" \\( ! -perm 770 -o ! -group www-data \
-o ! -user www-data \\) -exec chmod 770 {} \\; \
-exec chown www-data:www-data {} \\;
PERMISSIONS
chown root:root "$SCRIPTS/adjust-startup-permissions.sh"
chmod 700 "$SCRIPTS/adjust-startup-permissions.sh"
crontab -u root -l | grep -v "$SCRIPTS/adjust-startup-permissions.sh" | crontab -u root -
crontab -u root -l | { cat; echo "@reboot $SCRIPTS/adjust-startup-permissions.sh"; } | crontab -u root -
# Delete crontab
crontab -u root -l | grep -v 'veracrypt-automount.sh' | crontab -u root -
# Create service instead
cat << SERVICE > /etc/systemd/system/veracrypt-automount.service
[Unit]
Description=Mount Veracrypt Devices
After=boot.mount
Before=network.target
[Service]
Type=forking
ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh
TimeoutStopSec=1
[Install]
WantedBy=multi-user.target
SERVICE
systemctl disable veracrypt-automount &>/dev/null
systemctl enable veracrypt-automount
# Adjust permissions
print_text_in_color "$ICyan" "Adjusting permissions..."
chown -R www-data:www-data "$MOUNT_PATH"
chmod -R 770 "$MOUNT_PATH"
# Automatically create snapshots
mkdir -p "$MOUNT_PATH/.snapshots"
if ! [ -f "$SCRIPTS/create-hourly-btrfs-snapshots.sh" ]
then
cat << SNAPSHOT > "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
chmod 700 "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
# Variables
MAX_SNAPSHOTS=54
CURRENT_DATE=\$(date --date @"\$(date +%s)" +"%Y%m%d_%H%M%S")
SNAPSHOT
fi
cat << SNAPSHOT >> "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
# $MOUNT_PATH
btrfs subvolume snapshot -r "$MOUNT_PATH/" "$MOUNT_PATH/.snapshots/@\$CURRENT_DATE"
while [ "\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | wc -l)" -gt "\$MAX_SNAPSHOTS" ]
do
DELETE="\$(find "$MOUNT_PATH/.snapshots/" -maxdepth 1 -mindepth 1 -type d -name '@*_*' | sort | head -1)"
btrfs subvolume delete "\$DELETE"
done
SNAPSHOT
chown root:root "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
chmod 700 "$SCRIPTS/create-hourly-btrfs-snapshots.sh"
if yesno_box_yes "Do you want snapshots to get created every 15 min? (Recommended for SSDs!)
If at least one Veracrypt-BTRFS drive is a HDD, you should choose 'No' here to create snapshots every hour!"
then
crontab -u root -l | grep -v "$SCRIPTS/create-hourly-btrfs-snapshots.sh" | crontab -u root -
crontab -u root -l | { cat; echo "*/15 8-17 * * * $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root -
crontab -u root -l | { cat; echo "0 18-23,0-7 * * * $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root -
else
crontab -u root -l | grep -v "$SCRIPTS/create-hourly-btrfs-snapshots.sh" | crontab -u root -
crontab -u root -l | { cat; echo "@hourly $SCRIPTS/create-hourly-btrfs-snapshots.sh >/dev/null"; } | crontab -u root -
fi
# Execute monthly scrubs
if ! [ -f "$SCRIPTS/scrub-btrfs-weekly.sh" ]
then
cat << SNAPSHOT > "$SCRIPTS/scrub-btrfs-weekly.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/scrub-btrfs-weekly.sh"
chmod 700 "$SCRIPTS/scrub-btrfs-weekly.sh"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
SNAPSHOT
fi
cat << SNAPSHOT >> "$SCRIPTS/scrub-btrfs-weekly.sh"
# $MOUNT_PATH
notify_admin_gui "Starting weekly BTRFS check of $MOUNT_PATH" "Starting BTRFS-scrub of $MOUNT_PATH.
You will be notified again when the scrub is done"
if ! btrfs scrub start -B "$MOUNT_PATH"
then
notify_admin_gui "Error while performing weekly BTRFS scrub of $MOUNT_PATH!" \
"Error on $MOUNT_PATH\nPlease look at $VMLOGS/weekly-btrfs-scrub.log for further info!"
else
notify_admin_gui "Weekly BTRFS scrub successful of $MOUNT_PATH!" \
"$MOUNT_PATH was successfully tested!\nPlease look at $VMLOGS/weekly-btrfs-scrub.log for further info!"
fi
SNAPSHOT
chown root:root "$SCRIPTS/scrub-btrfs-weekly.sh"
chmod 700 "$SCRIPTS/scrub-btrfs-weekly.sh"
crontab -u root -l | grep -v "$SCRIPTS/scrub-btrfs-weekly.sh" | crontab -u root -
crontab -u root -l | { cat; echo "0 0 1,16 * * $SCRIPTS/scrub-btrfs-weekly.sh >> $VMLOGS/weekly-btrfs-scrub.log 2>&1"; } | crontab -u root -
# Inform the user
msg_box "Congratulations! The mount was successful.
You can now access the partition here:
$MOUNT_PATH"
# Test if Plex is installed
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
# Reconfiguring Plex
msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive.
This can take a while. Please be patient!"
print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..."
docker pull assaflavie/runlike
echo '#/bin/bash' > /tmp/pms-conf
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf
if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf
then
MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}"
sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf
docker stop plex
if ! docker rm plex
then
msg_box "Something failed while removing the old container."
exit 1
fi
if ! bash /tmp/pms-conf
then
msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'"
exit 1
fi
rm /tmp/pms-conf
msg_box "Plex was adjusted!"
else
rm /tmp/pms-conf
msg_box "No need to update Plex, since the drive is already mounted to Plex."
fi
fi
exit
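Review bot: the second AUTOMOUNT heredoc is unquoted, so `echo '$PASSWORD'` writes the volume passphrase in clear text into `$SCRIPTS/veracrypt-automount.sh`, and a passphrase containing a single quote closes the quoting in the generated script, which the systemd unit later runs with /bin/bash at boot. On a first run the file is created by the redirect under the default umask and only tightened by `chown`/`chmod 700` after the passphrase has been appended. Set `umask 077` before creating the file, and have the generated script read the passphrase from a separate root-only file instead of interpolating it into shell source. The Plex block also executes /tmp/pms-conf, a fixed path in /tmp filled from the untagged assaflavie/runlike image run with the Docker socket mounted; a `mktemp` file and an image pinned by digest would narrow that.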


@ -1,336 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Veracrypt"
SCRIPT_EXPLAINER="This script automates formatting, encrypting and mounting drives with Veracrypt."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Show explainer
msg_box "$SCRIPT_EXPLAINER"
if ! is_this_installed veracrypt
then
if ! yesno_box_yes "Do you want to install $SCRIPT_NAME?"
then
exit 1
fi
msg_box "Please note that in order to install Veracrypt on your server, \
we need to add a 3rd Party PPA, which theoretically could set your server under risk."
if ! yesno_box_yes "Do you want to continue nonetheless?"
then
exit 1
fi
msg_box "We will now install Veracrypt. This can take a long time. Please be patient!"
add-apt-repository ppa:unit193/encryption -y
apt-get update -q4 & spinner_loading
apt-get install veracrypt --no-install-recommends -y
fi
# Discover drive
msg_box "Please disconnect your drive for now and connect it again AFTER you hit OK.
Otherwise we will not be able to detect it."
CURRENT_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
count=0
while [ "$count" -lt 60 ]
do
print_text_in_color "$ICyan" "Please connect your drive now."
sleep 5 & spinner_loading
echo ""
NEW_DRIVES=$(lsblk -o KNAME,TYPE | grep disk | awk '{print $1}')
if [ "$CURRENT_DRIVES" = "$NEW_DRIVES" ]
then
count=$((count+5))
else
msg_box "A new drive was found. We will continue with the mounting now.
Please leave it connected."
break
fi
done
# Exit if no new drive was found
if [ "$count" -ge 60 ]
then
msg_box "No new drive found within 60 seconds.
Please run this option again if you want to try again."
exit 1
fi
# Get all new drives
mapfile -t CURRENT_DRIVES <<< "$CURRENT_DRIVES"
for drive in "${CURRENT_DRIVES[@]}"
do
NEW_DRIVES=$(echo "$NEW_DRIVES" | grep -v "^$drive")
done
# Partition menu
args=(whiptail --title "$TITLE" --menu \
"Please select the drive that you would like to format and encrypt with Veracrypt.
$MENU_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4)
# Get information that are important
mapfile -t NEW_DRIVES <<< "$NEW_DRIVES"
for drive in "${NEW_DRIVES[@]}"
do
DRIVE_DESCRIPTION=$(lsblk -o NAME,SIZE,VENDOR,MODEL | grep "^$drive" | awk '{print $2, $3, $4}')
args+=("/dev/$drive" " $DRIVE_DESCRIPTION")
done
# Show the drive menu
DEVICE=$("${args[@]}" 3>&1 1>&2 2>&3)
if [ -z "$DEVICE" ]
then
exit 1
fi
# Ask for password
while :
do
PASSWORD=$(input_box_flow "Please enter the Password that you would like to use for encrypting your drive '$DEVICE'
It should be a strong password.
If you want to cancel, just type in 'exit' and press [ENTER].")
if [ "$PASSWORD" = "exit" ]
then
exit 1
fi
if yesno_box_no "Have you saved the password at a safe place?"
then
break
fi
done
# Last info box
if ! yesno_box_no "Warning: Are you really sure, that you want to format the drive '$DEVICE' and encrypt it?
All current files on the drive will be erased!
Select 'Yes' to continue with the process. Select 'No' to cancel."
then
exit 1
fi
# Inform user
msg_box "We will now format the drive '$DEVICE' and encrypt it with Veracrypt. Please be patient!"
# Wipe drive
dd if=/dev/urandom of="$DEVICE" bs=1M count=2
parted "$DEVICE" mklabel gpt --script
parted "$DEVICE" mkpart primary 0% 100% --script
# Wait so that veracrypt doesn't fail
sleep 1
# Format drive
# https://relentlesscoding.com/posts/encrypt-device-with-veracrypt-from-the-command-line/
if ! echo "$PASSWORD" \
| veracrypt --text --quick \
--non-interactive \
--create "$DEVICE"1 \
--volume-type=normal \
--encryption=AES \
--hash=SHA-512 \
--filesystem=NTFS \
--stdin > /dev/null
then
msg_box "Something failed while encrypting with Veracrypt."
exit 1
fi
# Inform user
msg_box "Formatting and encryption with Veracrypt was successful!"
# Mount it
if ! yesno_box_yes "Do you want to mount the encrypted partition to your server?"
then
exit 1
fi
# Get PARTUUID
PARTUUID=$(lsblk -o PATH,PARTUUID | grep "^$DEVICE"1 | awk '{print $2}')
# Enter the mountpoint
while :
do
MOUNT_PATH=$(input_box_flow "Please type in the directory where you want to mount the partition.
One example is: '/mnt/data'
The directory has to start with '/mnt/'
If you want to cancel, type 'exit' and press [ENTER].")
if [ "$MOUNT_PATH" = "exit" ]
then
exit 1
elif echo "$MOUNT_PATH" | grep -q " "
then
msg_box "Please don't use spaces!"
elif ! echo "$MOUNT_PATH" | grep -q "^/mnt/"
then
msg_box "The directory has to stat with '/mnt/'"
elif grep -q " $MOUNT_PATH " /etc/fstab
then
msg_box "The mountpoint already exists in fstab. Please try a different one."
elif mountpoint -q "$MOUNT_PATH"
then
msg_box "The mountpoint is already mounted. Please try a different one."
elif echo "$MOUNT_PATH" | grep -q "^/mnt/ncdata"
then
msg_box "The directory isn't allowed to start with '/mnt/ncdata'"
elif echo "$MOUNT_PATH" | grep -q "^/mnt/smbshares"
then
msg_box "The directory isn't allowed to start with '/mnt/smbshares'"
else
mkdir -p "$MOUNT_PATH"
if ! echo "$PASSWORD" | veracrypt -t -k "" --pim=0 --protect-hidden=no \
--fs-options=windows_names,uid=www-data,gid=www-data,umask=007 \
"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH"
then
msg_box "Something failed while trying to mount the Volume. Please try again."
else
break
fi
fi
done
# Create automount script
# Unfortunately the automount via crypttab doesn't work (when using a passphrase-file)
if ! [ -f "$SCRIPTS/veracrypt-automount.sh" ]
then
cat << AUTOMOUNT > "$SCRIPTS/veracrypt-automount.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/veracrypt-automount.sh"
chmod 700 "$SCRIPTS/veracrypt-automount.sh"
# Reset maintenance mode to disabled upon restart
sed -i "/'maintenance'/s/true/false/" "$NCPATH/config/config.php"
# Veracrypt entries
AUTOMOUNT
fi
# Write to file
cat << AUTOMOUNT >> "$SCRIPTS/veracrypt-automount.sh"
if ! echo '$PASSWORD' | veracrypt -t -k "" --pim=0 --protect-hidden=no \
--fs-options=windows_names,uid=www-data,gid=www-data,umask=007 \
"/dev/disk/by-partuuid/$PARTUUID" "$MOUNT_PATH"
then
sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php"
source /var/scripts/fetch_lib.sh
nextcloud_occ_no_check maintenance:mode --on
send_mail "$MOUNT_PATH could not get mounted!" "Please connect the drive and reboot your server! \
The maintenance mode was activated to prevent any issue with Nextcloud. \
A reboot should fix the issue if the drive is successfully connected again."
fi
AUTOMOUNT
# Secure the file
chown root:root "$SCRIPTS/veracrypt-automount.sh"
chmod 700 "$SCRIPTS/veracrypt-automount.sh"
# Test if drive is connected
cat << CONNECTED > "$SCRIPTS/is-drive-connected.sh"
#!/bin/bash
# Secure the file
chown root:root "$SCRIPTS/is-drive-connected.sh"
chmod 700 "$SCRIPTS/is-drive-connected.sh"
# Entries
PARTUUID="\$1"
# Test if drive is connected
while lsblk "/dev/disk/by-partuuid/\$PARTUUID" &>/dev/null
do
sleep 1
done
# Continue if not
if grep -q "'maintenance'" "$NCPATH/config/config.php"
then
sed -i "/'maintenance'/s/false/true/" "$NCPATH/config/config.php"
source /var/scripts/fetch_lib.sh
else
source /var/scripts/fetch_lib.sh
nextcloud_occ_no_check maintenance:mode --on
fi
send_mail "One veracrypt drive is not connected anymore!" "Please connect the drive and reboot your server!
The maintenance mode was activated to prevent any issue with Nextcloud.
You can disable it after the drive is successfully mounted again!"
CONNECTED
# Secure the file
chown root:root "$SCRIPTS/is-drive-connected.sh"
chmod 700 "$SCRIPTS/is-drive-connected.sh"
# Create crontab and start
crontab -u root -l | { cat; echo "@reboot $SCRIPTS/is-drive-connected.sh '$PARTUUID' >/dev/null"; } | crontab -u root -
nohup bash "$SCRIPTS/is-drive-connected.sh" "$PARTUUID" &>/dev/null &
# Delete crontab
crontab -u root -l | grep -v 'veracrypt-automount.sh' | crontab -u root -
# Create service instead
cat << SERVICE > /etc/systemd/system/veracrypt-automount.service
[Unit]
Description=Mount Veracrypt Devices
After=boot.mount
Before=network.target
[Service]
Type=forking
ExecStart=-/bin/bash $SCRIPTS/veracrypt-automount.sh
TimeoutStopSec=1
[Install]
WantedBy=multi-user.target
SERVICE
systemctl disable veracrypt-automount &>/dev/null
systemctl enable veracrypt-automount
# Inform the user
msg_box "Congratulations! The mount was successful.
You can now access the partition here:
$MOUNT_PATH"
# Test if Plex is installed
if is_docker_running && docker ps -a --format "{{.Names}}" | grep -q "^plex$"
then
# Reconfiguring Plex
msg_box "Plex Media Server found. We are now adjusting Plex to be able to use the new drive.
This can take a while. Please be patient!"
print_text_in_color "$ICyan" "Downloading the needed tool to get the current Plex config..."
docker pull assaflavie/runlike
echo '#/bin/bash' > /tmp/pms-conf
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p plex >> /tmp/pms-conf
if ! grep -q "$MOUNT_PATH:$MOUNT_PATH:ro" /tmp/pms-conf
then
MOUNT_PATH_SED="${MOUNT_PATH//\//\\/}"
sed -i "0,/--volume/s// -v $MOUNT_PATH_SED:$MOUNT_PATH_SED:ro \\\\\n&/" /tmp/pms-conf
docker stop plex
if ! docker rm plex
then
msg_box "Something failed while removing the old container."
exit 1
fi
if ! bash /tmp/pms-conf
then
msg_box "Starting the new container failed. You can find the config here: '/tmp/pms-conf'"
exit 1
fi
rm /tmp/pms-conf
msg_box "Plex was adjusted!"
else
rm /tmp/pms-conf
msg_box "No need to update Plex, since the drive is already mounted to Plex."
fi
fi
exit
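
Review bot: The generated `$SCRIPTS/veracrypt-automount.sh` holds the volume passphrase in cleartext, because the unquoted `cat << AUTOMOUNT >>` heredoc expands `echo '$PASSWORD' | veracrypt ...` when the file is written. Deleting this installer does not remove that file, the `veracrypt-automount.service` unit or the `@reboot ... is-drive-connected.sh` crontab entry from hosts that already ran it, so the commit message should say how existing installs clean them up. The same line breaks the root-run script, or injects shell into it, when the passphrase contains a single quote. In the Plex branch, the output of the unpinned `assaflavie/runlike` image, run with `/var/run/docker.sock` mounted, is written to the fixed path `/tmp/pms-conf` and then executed with `bash`; that is worth recording as a reason for the removal.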

View File

@ -1,184 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Copyright © 2021 Simon Lindner (https://github.com/szaimen)
true
SCRIPT_NAME="Face Recognition"
SCRIPT_EXPLAINER="The $SCRIPT_NAME app allows to automatically scan for faces inside your Nextcloud."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Check compatibility
check_distro_version
check_php
if [[ "$PHPVER" != "8.1" ]] && [[ "$PHPVER" != "7.4" ]]
then
msg_box "Currently only PHP 7.4 and PHP 8.1 is supported by this script."
exit 1
fi
# Encryption may not be enabled
if is_app_enabled encryption || is_app_enabled end_to_end_encryption
then
msg_box "It seems like you have encryption enabled which is unsupported by the $SCRIPT_NAME app!"
exit 1
fi
# Compatible with NC21 and above
lowest_compatible_nc 21
# Hardware requirements
# https://github.com/matiasdelellis/facerecognition/wiki/Requirements-and-Limitations#hardware-requirements
# https://github.com/matiasdelellis/facerecognition/wiki/Models#model-3
ram_check 2
cpu_check 2
# Check if facerecognition is already installed
if ! is_app_installed facerecognition && ! is_this_installed php7.4-pdlib && ! is_this_installed php8.1-pdli
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Ask for removal or reinstallation
reinstall_remove_menu "$SCRIPT_NAME"
# Removal
if is_this_installed php7.4-pdlib
then
apt-get purge php7.4-pdlib -y
rm -f /etc/apt/sources.list.d/20-pdlib.list
apt-get update -q4 & spinner_loading
apt-get autoremove -y
rm -f /etc/apt/trusted.gpg.d/facerecognition.gpg
elif is_this_installed php8.1-pdlib
then
apt-get purge php8.1-pdlib -y
rm -f /etc/apt/sources.list.d/facerecognition-pdlib.list
apt-get update -q4 & spinner_loading
apt-get autoremove -y
rm -f /etc/apt/keyrings/repo.gpg.key
fi
crontab -u www-data -l | grep -v "face_background_job.log" | crontab -u www-data -
crontab -u www-data -l | grep -v "face:background_job" | crontab -u www-data -
if is_app_enabled facerecognition
then
if yesno_box_no "Do you want to reset all face data?
The background scanner will then have to rescan all files for faces when you install the app again."
then
echo y | nextcloud_occ face:reset --all
fi
nextcloud_occ config:app:set facerecognition handle_external_files --value false
nextcloud_occ config:app:set facerecognition handle_group_files --value false
nextcloud_occ config:app:set facerecognition handle_shared_files --value false
fi
if is_app_installed facerecognition
then
nextcloud_occ app:remove facerecognition
fi
rm -f "$VMLOGS"/face_background_job.log
# Show successful uninstall if applicable
removal_popup "$SCRIPT_NAME"
fi
# Inform about dependencies
msg_box "Please note that the $SCRIPT_NAME app needs an additional PHP dependency \
to work which will need to be installed from an external repository.
This can set your server under risk."
if ! yesno_box_yes "Do you want to install the required dependency?
If you choose 'No', the installation will be aborted."
then
exit 1
fi
# Install requirements
if version 22.04 "$DISTRO" 22.04.10
then
# https://github.com/matiasdelellis/facerecognition/wiki/PDlib-Installation#ubuntu-jammy
add_trusted_key_and_repo "repo.gpg.key" \
"https://repo.delellis.com.ar" \
"https://repo.delellis.com.ar" \
"focal focal" \
"facerecognition-pdlib.list"
install_if_not php"$PHPVER"-pdlib
elif version 24.04 "$DISTRO" 24.04.10
then
# https://github.com/matiasdelellis/facerecognition/wiki/PDlib-Installation#ubuntu-noble
add_trusted_key_and_repo "repo.gpg.key" \
"https://repo.delellis.com.ar" \
"https://repo.delellis.com.ar" \
"$CODENAME $CODENAME" \
"facerecognition-pdlib.list"
install_if_not php"$PHPVER"-pdlib
fi
# Install the app
install_and_enable_app facerecognition
if ! is_app_enabled facerecognition
then
msg_box "Could not install the $SCRIPT_NAME app. Cannot proceed."
exit 1
fi
# Set up face model and max memory usage
# https://github.com/matiasdelellis/facerecognition/wiki/Models#comparison
# https://github.com/matiasdelellis/facerecognition/tree/master#initial-setup
nextcloud_occ face:setup --memory 2GB
nextcloud_occ face:setup --model 3
# Set temporary files size
nextcloud_occ config:app:set facerecognition analysis_image_area --value="4320000"
# Additional settings
# https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings
if yesno_box_no "Do you want the $SCRIPT_NAME app to scan external storages?
This is currently highly inefficient since it will scan all external storges multiple times (once for each user) \
and can produce a lot of network traffic.
(The scan will need to access all files, also if they are stored externally.)
Hence, you should only enable this option if you are only using local external storage \
or if you don't use the external storage app at all."
then
nextcloud_occ config:app:set facerecognition handle_external_files --value true
fi
if yesno_box_no "Do you want the $SCRIPT_NAME app to scan groupfolders?
This is currently highly inefficient since it will scan all groupfolders multiple times (once for each user)."
then
nextcloud_occ config:app:set facerecognition handle_group_files --value true
fi
if yesno_box_no "Do you want the $SCRIPT_NAME app to scan shared folders/files?
This is currently highly inefficient since it will scan all shared folders/files multiple times (once for each user)."
then
nextcloud_occ config:app:set facerecognition handle_shared_files --value true
fi
# Allow the background scanner to scan the files for each user again and enable face scanning for all users
# https://github.com/matiasdelellis/facerecognition/wiki/Settings#notes
NC_USERS_NEW=$(nextcloud_occ_no_check user:list | sed 's|^ - ||g' | sed 's|:.*||')
mapfile -t NC_USERS_NEW <<< "$NC_USERS_NEW"
for user in "${NC_USERS_NEW[@]}"
do
nextcloud_occ user:setting "$user" facerecognition full_image_scan_done false
nextcloud_occ user:setting "$user" facerecognition enabled true
done
# Make sure that the logfile doesn't get crazy big.
crontab -u www-data -l | grep -v "face_background_job.log" | crontab -u www-data -
crontab -u www-data -l | { cat; echo "@daily rm -f $VMLOGS/face_background_job.log"; } | crontab -u www-data -
# Schedule background scan
# https://github.com/matiasdelellis/facerecognition/wiki/Schedule-Background-Task#cron
crontab -u www-data -l | grep -v "face:background_job" | crontab -u www-data -
crontab -u www-data -l | { cat; echo "*/30 * * * * php -f $NCPATH/occ \
face:background_job -t 900 --defer-clustering >> $VMLOGS/face_background_job.log"; } | crontab -u www-data -
msg_box "Congratulations, $SCRIPT_NAME was successfully installed!
You just need to wait now and let the background job do its work.
After a while, you should see more and more faces that were found in your Nextcloud."
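
Review bot: The block under "# Removal" was the only scripted way to undo what this script installs: the third-party apt source `facerecognition-pdlib.list` pointing at `https://repo.delellis.com.ar`, its key `repo.gpg.key`, the `php"$PHPVER"-pdlib` package and the two `www-data` cron entries. Hosts that ran it keep trusting that repository after this deletion, so please document the manual cleanup (the `apt-get purge` and `rm -f` lines) in the commit message or release notes. Two defects are also worth naming as reasons for the removal: the install guard tests `php8.1-pdli` (missing `b`), and the 22.04 branch registers the repository as `focal focal` although the linked wiki anchor is `#ubuntu-jammy`.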

View File

@ -1,162 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Format sda NUC Server"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check if root
root_check
# Needs to be Ubuntu 22.04 and Multiverse
check_distro_version
check_multiverse
MOUNT_=/mnt/$POOLNAME
# Needed for partprobe
install_if_not parted
format() {
# umount if mounted
umount /mnt/* &> /dev/null
# mkdir if not existing
mkdir -p "$MOUNT_"
DEVTYPE=sda
# Get the name of the drive
DISKTYPE=$(fdisk -l | grep $DEVTYPE | awk '{print $2}' | cut -d ":" -f1 | head -1)
if [ "$DISKTYPE" != "/dev/$DEVTYPE" ]
then
msg_box "It seems like your $SYSNAME secondary volume (/dev/$DEVTYPE) does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
# Check if ZFS utils are installed
install_if_not zfsutils-linux
# Check still not mounted
#These functions return exit codes: 0 = found, 1 = not found
isMounted() { findmnt -rno SOURCE,TARGET "$1" >/dev/null;} #path or device
isDevMounted() { findmnt -rno SOURCE "$1" >/dev/null;} #device only
isPathMounted() { findmnt -rno TARGET "$1" >/dev/null;} #path only
isDevPartOfZFS() { zpool status | grep "$1" >/dev/null;} #device member of a zpool
if isPathMounted "/mnt/ncdata"; #Spaces in path names are ok.
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevMounted "/dev/$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is mounted and need to be unmounted before you can run this script."
exit 1
fi
# Universal:
if isMounted "/mnt/ncdata";
then
msg_box "/mnt/ncdata is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isMounted "/dev/${DEVTYPE}1";
then
msg_box "/dev/${DEVTYPE}1 is mounted and need to be unmounted before you can run this script."
exit 1
fi
if isDevPartOfZFS "$DEVTYPE";
then
msg_box "/dev/$DEVTYPE is a member of a ZFS pool and needs to be removed from any zpool before you can run this script."
exit 1
fi
if lsblk -l -n | grep -v mmcblk | grep disk | awk '{ print $1 }' | tail -1 > /dev/null
then
msg_box "Formatting your $SYSNAME secondary volume ($DISKTYPE) when you hit OK.
*** WARNING: ALL YOUR DATA WILL BE ERASED! ***"
if zpool list | grep "$POOLNAME" > /dev/null
then
check_command zpool destroy "$POOLNAME"
fi
check_command wipefs -a -f "$DISKTYPE"
sleep 0.5
check_command zpool create -f -o ashift=12 "$POOLNAME" "$DISKTYPE"
check_command zpool set failmode=continue "$POOLNAME"
check_command zfs set mountpoint="$MOUNT_" "$POOLNAME"
check_command zfs set compression=lz4 "$POOLNAME"
check_command zfs set sync=standard "$POOLNAME"
check_command zfs set xattr=sa "$POOLNAME"
check_command zfs set primarycache=all "$POOLNAME"
check_command zfs set atime=off "$POOLNAME"
check_command zfs set recordsize=128k "$POOLNAME"
check_command zfs set logbias=latency "$POOLNAME"
else
msg_box "It seems like /dev/$DEVTYPE does not exist.
This script requires that you mount a second drive to hold the data.
Please shutdown the server and mount a second drive, then start this script again.
If you want help you can buy support in our shop:
https://shop.hanssonit.se/product/premium-support-per-30-minutes/"
exit 1
fi
}
format
# Do a backup of the ZFS mount
if is_this_installed libzfs2linux
then
if grep -r $POOLNAME /etc/mtab
then
install_if_not zfs-auto-snapshot
sed -i "s|date --utc|date|g" /usr/sbin/zfs-auto-snapshot
fi
fi
# Check if UUID is used
if zpool list -v | grep "$DEVTYPE"
then
# Get UUID
check_command partprobe -s
if fdisk -l /dev/"$DEVTYPE"1 >/dev/null 2>&1
then
UUID_SDB1=$(blkid -o value -s UUID /dev/"DEVTYPE"1)
fi
# Export / import the correct way (based on UUID)
check_command zpool export "$POOLNAME"
check_command zpool import -d /dev/disk/by-uuid/"$UUID_SDB1" "$POOLNAME"
fi
# Success!
if grep "$POOLNAME" /etc/mtab
then
msg_box "$MOUNT_ mounted successfully as a ZFS volume.
Automatic scrubbing is done monthly via a cronjob that you can find here:
/etc/cron.d/zfsutils-linux
Automatic snapshots are taken with 'zfs-auto-snapshot'. You can list current snapshots with:
'sudo zfs list -t snapshot'.
Manpage is here:
http://manpages.ubuntu.com/manpages/focal/man8/zfs-auto-snapshot.8.html
CURRENT STATUS:
$(zpool status $POOLNAME)
$(zpool list)"
fi

View File

@ -1,98 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Modsecurity"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
print_text_in_color "$ICyan" "Installing ModSecurity..."
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Add modsecurity
apt-get update -q4 & spinner_loading
install_if_not libapache2-mod-security2
install_if_not modsecurity-crs
mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
msg_box "WARNING WARNING WARNING WARNING WARNING WARNING:
Do not enable active defense if you don't know what you're doing!
It will break OnlyOffice, and it may break other stuff as well in Nextcloud as it's
blocking access to files automatically.
You can monitor the audit log by typing this command in your shell:
tail -f /var/log/apache2/modsec_audit.log
You can disable it by typing this command in your shell:
sed -i 's/SecRuleEngine .*/SecRuleEngine DetectionOnly/g' /etc/modsecurity/modsecurity.conf
YOU HAVE BEEN WARNED."
if yesno_box_yes "Do you want to enable active defense?"
then
sed -i 's|SecRuleEngine .*|SecRuleEngine on|g' /etc/modsecurity/modsecurity.conf
fi
cat << MODSECWHITE > "/etc/modsecurity/whitelist.conf"
<Directory $NCPATH>
# VIDEOS
SecRuleRemoveById 958291 # Range Header Checks
SecRuleRemoveById 981203 # Correlated Attack Attempt
# PDF
SecRuleRemoveById 950109 # Check URL encodings
# ADMIN (webdav)
SecRuleRemoveById 960024 # Repeatative Non-Word Chars (heuristic)
SecRuleRemoveById 981173 # SQL Injection Character Anomaly Usage
SecRuleRemoveById 981204 # Correlated Attack Attempt
SecRuleRemoveById 981243 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981245 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981246 # PHPIDS - Converted SQLI Filters
SecRuleRemoveById 981318 # String Termination/Statement Ending Injection Testing
SecRuleRemoveById 973332 # XSS Filters from IE
SecRuleRemoveById 973338 # XSS Filters - Category 3
SecRuleRemoveById 981143 # CSRF Protections ( TODO edit LocationMatch filter )
# COMING BACK FROM OLD SESSION
SecRuleRemoveById 970903 # Microsoft Office document properties leakage
# NOTES APP
SecRuleRemoveById 981401 # Content-Type Response Header is Missing and X-Content-Type-Options is either missing or not set to 'nosniff'
SecRuleRemoveById 200002 # Failed to parse request body
# UPLOADS ( 20 MB max excluding file size )
SecRequestBodyNoFilesLimit 20971520
# GENERAL
SecRuleRemoveById 960017 # Host header is a numeric IP address
# SAMEORIGN
SecRuleRemoveById 911100 # fpm socket
# REGISTERED WARNINGS, BUT DID NOT HAVE TO DISABLE THEM
#SecRuleRemoveById 981220 900046 981407
#SecRuleRemoveById 981222 981405 981185 981184
</Directory>
MODSECWHITE
# Don't log in Apache2 error.log, only in a separate log (/var/log/apache2/modsec_audit.log)
check_command sed -i 's|SecDefaultAction "phase:1,log,auditlog,pass"|# SecDefaultAction "phase:1,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|SecDefaultAction "phase:2,log,auditlog,pass"|# SecDefaultAction "phase:2,log,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|# SecDefaultAction "phase:1,nolog,auditlog,pass"|SecDefaultAction "phase:1,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
check_command sed -i 's|# SecDefaultAction "phase:2,nolog,auditlog,pass"|SecDefaultAction "phase:2,nolog,auditlog,pass"|g' /etc/modsecurity/crs/crs-setup.conf
if [ -f /etc/modsecurity/whitelist.conf ]
then
print_text_in_color "$IGreen" "ModSecurity activated!"
restart_webserver
fi
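
Review bot: `/etc/modsecurity/whitelist.conf` stays on hosts that ran this script, and it removes SQL injection, XSS and CSRF rule IDs (981173, 973332, 973338, 981143 and others) for the whole of `<Directory $NCPATH>`. The question "Do you want to enable active defense?" was asked with `yesno_box_yes` directly after the warning against enabling it, so some of those hosts run `SecRuleEngine on` with that exclusion list. Please state in the commit message whether existing installs should keep or remove the packages and this file. The `SecRuleRemoveById` entries also carry trailing `# ...` text on the directive line, which Apache does not treat as a comment.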

View File

@ -1,23 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Ntpdate"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
if network_ok
then
if is_this_installed ntpdate
then
ntpdate -s 1.se.pool.ntp.org
fi
fi
exit

View File

@ -1,302 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Preview Generator"
SCRIPT_EXPLAINER="This script will install the Preview Generator.
It can speedup the loading of previews in Nextcloud a lot."
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# PHP 7.x is needed
if is_this_installed php5.6-common || is_this_installed php5.5-common
then
msg_box "At least PHP 7.X is required, please upgrade your PHP version: \
https://shop.hanssonit.se/product/upgrade-php-version-including-dependencies/"
exit
fi
# Encryption may not be enabled
if is_app_enabled encryption || is_app_enabled end_to_end_encryption
then
msg_box "It seems like you have encryption enabled which is unsupported when using the Preview Generator"
exit
fi
# Check if previewgenerator is already installed
if ! is_app_installed previewgenerator
then
# Ask for installing
install_popup "$SCRIPT_NAME"
else
# Ask for removal or reinstallation
reinstall_remove_menu "$SCRIPT_NAME"
# Removal
nextcloud_occ app:remove previewgenerator
# reset the preview formats
nextcloud_occ_no_check config:system:delete "enabledPreviewProviders"
nextcloud_occ config:system:delete preview_max_x
nextcloud_occ config:system:delete preview_max_y
nextcloud_occ config:system:delete jpeg_quality
nextcloud_occ config:system:delete preview_max_memory
nextcloud_occ config:system:delete enable_previews
# reset the cronjob
crontab -u www-data -l | grep -v 'preview:pre-generate' | crontab -u www-data -
# Remove apps
APPS=(php-imagick libmagickcore-6.q16-3-extra imagemagick-6.q16-extra)
for app in "${APPS[@]}"
do
if is_this_installed "$app"
then
apt-get purge "$app" -y
fi
done
if is_this_installed ffmpeg && ! is_app_installed integration_whiteboard
then
apt-get purge ffmpeg -y
fi
apt-get autoremove -y
rm -rf /etc/ImageMagick-6
if yesno_box_no "Do you want to remove all previews that were generated until now?
This will most likely clear a lot of space but your server will need to re-generate the previews \
if you should opt to re-enable previews again."
then
countdown "Removing the preview folder. This can take a while..." "5"
rm -rfv "$NCDATA"/appdata_*/preview
print_text_in_color "$ICyan" "Scanning Nextclouds appdata directory after removing all previews. \
This can take a while..."
nextcloud_occ files:scan-app-data -vvv
msg_box "All previews were successfully removed."
fi
# Show successful uninstall if applicable
removal_popup "$SCRIPT_NAME"
fi
# Install preview generator
install_and_enable_app previewgenerator
# check if the previewgenerator is installed and enabled
if is_app_enabled previewgenerator
then
# enable previews
nextcloud_occ config:system:set enable_previews --value=true --type=boolean
# install needed dependency for movies
install_if_not ffmpeg
else
exit
fi
msg_box "In the next step you can choose to install a package called imagick \
to speed up the generation of previews and add support for more filetypes.
The currently supported filetypes are:
* PNG
* JPEG
* GIF
* BMP
* MarkDown
* MP3
* TXT
* Movie
* Photoshop (needs imagick)
* SVG (needs imagick)
* TIFF (needs imagick)"
msg_box "IMPORTANT NOTE!!
Imagick will put your server at risk as it's is known to have several flaws.
You can check this issue to understand why: https://github.com/nextcloud/vm/issues/743
Please note: If you choose not to install imagick, it will get removed now."
if yesno_box_no "Do you want to install imagick?"
then
check_php
# Install imagick
install_if_not php"$PHPVER"-imagick
if version 24.04 "$DISTRO" 24.04.10
then
install_if_not libmagickcore-6.q16-6-extra
elif version 22.04 "$DISTRO" 22.04.10
then
install_if_not libmagickcore-6.q16-3-extra
fi
# Memory tuning
sed -i 's|policy domain="resource" name="memory" value=.*|policy domain="resource" name="memory" value="512MiB"|g' /etc/ImageMagick-6/policy.xml
sed -i 's|policy domain="resource" name="map" value=.*|policy domain="resource" name="map" value="1024MiB"|g' /etc/ImageMagick-6/policy.xml
sed -i 's|policy domain="resource" name="area" value=.*|policy domain="resource" name="area" value="256MiB"|g' /etc/ImageMagick-6/policy.xml
sed -i 's|policy domain="resource" name="disk" value=.*|policy domain="resource" name="disk" value="8GiB"|g' /etc/ImageMagick-6/policy.xml
# Choose file formats fo the case when imagick is installed.
# for additional previews please look at the Nextcloud documentation. But these probably won't work.
choice=$(whiptail --title "$TITLE - Choose file formats" --checklist \
"Now you can choose for which file formats you would like to generate previews for
$CHECKLIST_GUIDE\n\n$RUN_LATER_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"PNG" "" ON \
"JPEG" "" ON \
"GIF" "" ON \
"BMP" "" ON \
"MarkDown" "" ON \
"MP3" "" ON \
"TXT" "" ON \
"Movie" "" ON \
"Photoshop" "" ON \
"SVG" "" ON \
"TIFF" "" ON 3>&1 1>&2 2>&3)
case "$choice" in
*"PNG"*)
nextcloud_occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\PNG"
;;&
*"JPEG"*)
nextcloud_occ config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\JPEG"
;;&
*"GIF"*)
nextcloud_occ config:system:set enabledPreviewProviders 2 --value="OC\\Preview\\GIF"
;;&
*"BMP"*)
nextcloud_occ config:system:set enabledPreviewProviders 3 --value="OC\\Preview\\BMP"
;;&
*"MarkDown"*)
nextcloud_occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\MarkDown"
;;&
*"MP3"*)
nextcloud_occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\MP3"
;;&
*"TXT"*)
nextcloud_occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\TXT"
;;&
*"Movie"*)
nextcloud_occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Movie"
;;&
*"Photoshop"*)
nextcloud_occ config:system:set enabledPreviewProviders 8 --value="OC\\Preview\\Photoshop"
;;&
*"SVG"*)
nextcloud_occ config:system:set enabledPreviewProviders 9 --value="OC\\Preview\\SVG"
;;&
*"TIFF"*)
nextcloud_occ config:system:set enabledPreviewProviders 10 --value="OC\\Preview\\TIFF"
;;&
*)
;;
esac
else
# check if imagick is installed and remove it
if is_this_installed php-imagick
then
apt-get purge php-imagick -y
elif is_this_installed php"$PHPVER"-imagick
then
apt-get purge php"$PHPVER"-imagick -y
fi
# check if libmagickcore is installed and remove it
if is_this_installed libmagickcore-6.q16-3-extra
then
apt-get purge libmagickcore-6.q16-3-extra -y
fi
# Choose file formats fo the case when imagick is not installed.
# for additional previews please look at the Nextcloud documentation. But these probably won't work.
choice=$(whiptail --title "$TITLE - Choose file formats" --checklist \
"Now you can choose for which file formats you would like to generate previews for
$CHECKLIST_GUIDE\n\n$RUN_LATER_GUIDE" "$WT_HEIGHT" "$WT_WIDTH" 4 \
"PNG" "" ON \
"JPEG" "" ON \
"GIF" "" ON \
"BMP" "" ON \
"MarkDown" "" ON \
"MP3" "" ON \
"TXT" "" ON \
"Movie" "" ON 3>&1 1>&2 2>&3)
case "$choice" in
*"PNG"*)
nextcloud_occ config:system:set enabledPreviewProviders 11 --value="OC\\Preview\\PNG"
;;&
*"JPEG"*)
nextcloud_occ config:system:set enabledPreviewProviders 12 --value="OC\\Preview\\JPEG"
;;&
*"GIF"*)
nextcloud_occ config:system:set enabledPreviewProviders 13 --value="OC\\Preview\\GIF"
;;&
*"BMP"*)
nextcloud_occ config:system:set enabledPreviewProviders 14 --value="OC\\Preview\\BMP"
;;&
*"MarkDown"*)
nextcloud_occ config:system:set enabledPreviewProviders 15 --value="OC\\Preview\\MarkDown"
;;&
*"MP3"*)
nextcloud_occ config:system:set enabledPreviewProviders 16 --value="OC\\Preview\\MP3"
;;&
*"TXT"*)
nextcloud_occ config:system:set enabledPreviewProviders 17 --value="OC\\Preview\\TXT"
;;&
*"Movie"*)
nextcloud_occ config:system:set enabledPreviewProviders 18 --value="OC\\Preview\\Movie"
;;&
*)
;;
esac
fi
# Set aspect ratio
nextcloud_occ config:app:set previewgenerator squareSizes --value="32 256"
nextcloud_occ config:app:set previewgenerator widthSizes --value="256 384"
nextcloud_occ config:app:set previewgenerator heightSizes --value="256"
nextcloud_occ config:system:set preview_max_x --value="2048"
nextcloud_occ config:system:set preview_max_y --value="2048"
nextcloud_occ config:system:set jpeg_quality --value="60"
nextcloud_occ config:system:set preview_max_memory --value="128"
nextcloud_occ config:app:set preview jpeg_quality --value="60"
# Add crontab for www-data
if ! crontab -u www-data -l | grep -q 'preview:pre-generate'
then
print_text_in_color "$ICyan" "Adding crontab for $SCRIPT_NAME"
crontab -u www-data -l | { cat; echo "*/10 * * * * php -f $NCPATH/occ preview:pre-generate >> $VMLOGS/previewgenerator.log"; } | crontab -u www-data -
touch "$VMLOGS"/previewgenerator.log
chown www-data:www-data "$VMLOGS"/previewgenerator.log
fi
msg_box "In the last step you can define a specific Nextcloud user for \
which will be the user that runs the Preview Generation.
The default behavior (just hit [ENTER]) is to run with the \
system user 'www-data' which will generate previews for all users.
If you on the other hand choose to use a specific user, previews will ONLY be generated for that specific user."
if ! yesno_box_no "Do you want to choose a specific Nextcloud user to generate previews?"
then
print_text_in_color "$ICyan" "Using www-data (all Nextcloud users) for generating previews..."
# Pre generate everything
nextcloud_occ preview:generate-all
else
while :
do
PREVIEW_USER=$(input_box "Enter the Nextcloud user for \
which you want to run the Preview Generation (as a scheduled task)")
if [ -z "$(nextcloud_occ user:list | grep "$PREVIEW_USER" | awk '{print $3}')" ]
then
msg_box "It seems like the user you entered ($PREVIEW_USER) doesn't exist, please try again."
else
break
fi
done
# Pre generate everything
nextcloud_occ preview:generate-all "$PREVIEW_USER"
fi
msg_box "Previewgenerator was successfully installed."
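
Review bot: The removal block deleted here is the only scripted way to undo the imagick opt-in, and it was already incomplete: the install side adds `libmagickcore-6.q16-6-extra` on 24.04 and `php"$PHPVER"-imagick`, while `APPS=(php-imagick libmagickcore-6.q16-3-extra imagemagick-6.q16-extra)` names neither. Hosts that answered yes keep the package the script's own "IMPORTANT NOTE" warns about, so please document the manual purge together with the `/etc/ImageMagick-6/policy.xml` changes. The existence check `nextcloud_occ user:list | grep "$PREVIEW_USER"` is also a substring match, so an empty or partial entry passes it.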

View File

@ -1,16 +0,0 @@
import glob, json, os, subprocess, requests
nc_path = '/var/www/nextcloud/apps/'
backup_path = '/var/NCBACKUP/apps/'
shipped_url = 'http://raw.githubusercontent.com/nextcloud/server/master/core/shipped.json'
json_data = requests.get(shipped_url, timeout=60).json()
shipped_apps = json_data['shippedApps'] + json_data['alwaysEnabled']
installed_dirs = set(os.path.basename(path) for path in glob.glob(backup_path + '*'))
missing_dirs = installed_dirs.difference(shipped_apps)
for d in missing_dirs:
# subprocess.call(['rsync', '-Aax', os.path.join(backup_path, d), nc_path])
# subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:enable', d])
subprocess.call(['sudo', '-u', 'www-data', '/var/www/nextcloud/occ', 'app:install', d])
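
Review bot: `shipped_url` is fetched over plain `http://`, and that response decides which of the directory names under `backup_path` are passed to `occ app:install` through `sudo -u www-data`. If this helper is kept anywhere after the deletion, switch the URL to `https://` and check the HTTP status before calling `.json()`. `json` is imported but never used.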

View File

@ -1,128 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
true
SCRIPT_NAME="Spreedme"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# Get all needed variables from the library
nc_update
print_text_in_color "$ICyan" "Installing Spreed.ME..."
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
if ! is_root
then
printf "\n${Red}Sorry, you are not root.\n${Color_Off}You must type: ${ICyan}sudo ${Color_Off}bash %s/nextcloud_install_production.sh\n" "$SCRIPTS"
exit 1
fi
# Check if Nextcloud exists
root_check
# Nextcloud 13 is required.
lowest_compatible_nc 13
# Install if missing
install_if_not apache2
install_if_not snapd
# Install Nextcloud Spreed.ME Snap
if [ -d "$SNAPDIR" ]
then
print_text_in_color "$ICyan" "Spreed.ME Snap already seems to be installed and will now be re-installed..."
snap remove spreedme
rm -rf "$SNAPDIR"
snap install --edge spreedme
else
snap install --edge spreedme
fi
# Install and activate the Spreed.ME app
if [ -d "$NC_APPS_PATH/spreedme" ]
then
# Remove
nextcloud_occ app:disable spreedme
print_text_in_color "$ICyan" "Spreed.ME app already seems to be installed and will now be re-installed..."
rm -R "$NC_APPS_PATH/spreedme"
# Reinstall
nextcloud_occ app:install spreedme
else
nextcloud_occ app:install spreedme
fi
nextcloud_occ app:enable spreedme
chown -R www-data:www-data "$NC_APPS_PATH"
# Generate secret keys
SHAREDSECRET=$(openssl rand -hex 32)
TEMPLINK=$(openssl rand -hex 32)
sed -i "s|sharedsecret_secret = .*|sharedsecret_secret = $SHAREDSECRET|g" "$SNAPDIR/current/server.conf"
# Populate the else empty config file (uses database for content by default)
cp "$NCPATH/apps/spreedme/config/config.php.in" "$NCPATH/apps/spreedme/config/config.php"
# Place the key in the NC app config
sed -i "s|.*SPREED_WEBRTC_SHAREDSECRET.*| const SPREED_WEBRTC_SHAREDSECRET = '$SHAREDSECRET';|g" "$NCPATH/apps/spreedme/config/config.php"
# Allow to create temporary links
sed -i "s|const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED.*|const OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true;|g" "$NCPATH/apps/spreedme/config/config.php"
# Set temporary links hash
sed -i "s|const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY.*|const OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY = '$TEMPLINK';|g" "$NCPATH/apps/spreedme/config/config.php"
# Enable Apache mods
a2enmod proxy \
proxy_wstunnel \
proxy_http \
headers
# Add config to vhost
VHOST=/etc/apache2/spreedme.conf
if [ ! -f $VHOST ]
then
cat << VHOST > "$VHOST"
<Location /webrtc>
ProxyPass http://127.0.0.1:8080/webrtc
ProxyPassReverse /webrtc
</Location>
<Location /webrtc/ws>
ProxyPass ws://127.0.0.1:8080/webrtc/ws
</Location>
ProxyVia On
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto 'https' env=HTTPS
# RequestHeader set X-Forwarded-Proto 'https' # Use this if you are behind a (Nginx) reverse proxy with http backends
VHOST
fi
if ! grep -Fxq "Include $VHOST" /etc/apache2/apache2.conf
then
sed -i "145i Include $VHOST" "/etc/apache2/apache2.conf"
fi
# Restart services
restart_webserver
if ! systemctl restart snap.spreedme.spreed-webrtc.service
then
msg_box "Something is wrong, the installation did not finish correctly.
Please report this to $ISSUES"
exit 1
else
msg_box "Success! Spreed.ME is now installed and configured.
You may have to change SPREED_WEBRTC_ORIGIN in:
(sudo nano) $NCPATH/apps/spreedme/config/config.php"
exit 0
fi
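Review bot: Deleting this installer leaves no documented cleanup for hosts that already ran it. The `Include $VHOST` line that `sed -i "145i Include $VHOST"` inserts into /etc/apache2/apache2.conf stays behind, as do /etc/apache2/spreedme.conf and the proxy modules enabled with `a2enmod`. The removed script also copied config.php after the `chown -R www-data:www-data "$NC_APPS_PATH"` step, so it never set ownership or mode on the file that holds `SPREED_WEBRTC_SHAREDSECRET` and `OWNCLOUD_TEMPORARY_PASSWORD_SIGNING_KEY`, and it set `OWNCLOUD_TEMPORARY_PASSWORD_LOGIN_ENABLED = true` unconditionally. Suggest listing these leftovers in the commit message or changelog so admins can remove the include, the vhost file and the app config rather than keep an unmaintained WebRTC proxy path enabled.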


@ -1,35 +0,0 @@
#!/bin/bash
true
SCRIPT_NAME="Test connection"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
curl_to_dir() {
check_command curl -sSL "$1"/"$2" -o "$3"/"$2"
}
# Colors
Color_Off='\e[0m'
IRed='\e[0;91m'
IGreen='\e[0;92m'
ICyan='\e[0;96m'
print_text_in_color() {
printf "%b%s%b\n" "$1" "$2" "$Color_Off"
}
curl_to_dir google.com google.connectiontest /tmp
if [ ! -s /tmp/google.connectiontest ]
then
print_text_in_color "$IRed" "Not connected!"
else
print_text_in_color "$IGreen" "Connected!"
fi
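Review bot: The check `[ ! -s /tmp/google.connectiontest ]` reads a fixed file name in /tmp that the script never deletes, so a non-empty file left by an earlier run, or created by another local user, can make it print "Connected!" whatever the current `curl` result was, unless `check_command` aborts first. The deletion removes that problem. If the test is reintroduced elsewhere, write to a `mktemp` path, remove it afterwards, and decide on curl's exit status rather than on file size.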


@ -1,52 +0,0 @@
#!/bin/bash
# T&M Hansson IT AB © - 2024, https://www.hanssonit.se/
# GNU General Public License v3.0
# https://github.com/nextcloud/vm/blob/main/LICENSE
#########
## This doesn't seem to work in current state.
## Help is welcome!
# shellcheck source=lib.sh
# shellcheck disable=SC2046
source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh)
# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode
# Check if root
root_check
# Install dependencies
install_if_not transmission-cli
install_if_not transmission-daemon
# Download the VM
curl -fSLO --retry 3 https://download.kafit.se/s/dnkWptz8AK4JZDM/download
mv download NextcloudVM.zip
chown debian-transmission:debian-transmission NextcloudVM.zip
# Set more memory to sysctl
echo "net.core.rmem_max = 16777216" >> /etc/sysctl.conf
echo "net.core.wmem_max = 4194304" >> /etc/sysctl.conf
sysctl -p
# Create torrent
curl_to_dir "$GITHUB_REPO"/torrent trackers.txt /tmp
transmission-create -o nextcloudvmhanssonit.torrent -c "https://www.hanssonit.se/nextcloud-vm" -t $(cat /tmp/trackers.txt) NextcloudVM.zip
# Seed it!
transmission-remote -n 'transmission:transmission' -a nextcloudvmhanssonit.torrent
# Copy it to local NC account
install_if_not rsync
nextclouduser="$(input_box_flow "Please enter the Nextcloud user that you want to move the finished torrent file to:")"
rsync -av nextcloudvmhanssonit.torrent /mnt/ncdata/"$nextclouduser"/files/
chown www-data:www-data /mnt/ncdata/"$nextclouduser"/files/nextcloudvmhanssonit.torrent
nextcloud_occ files:scan "$nextclouduser"
unset nextclouduser
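Review bot: Removing this script does not undo its side effects on machines where it ran, and the commit message does not mention them. The two `echo "net.core.…" >> /etc/sysctl.conf` lines append on every run and persist, and the torrent is added with the literal `transmission:transmission` credentials in `transmission-remote -n`. The archive is also packaged and seeded straight after `curl -fSLO` with no checksum or signature check, and `-t $(cat /tmp/trackers.txt)` depends on word splitting (hence the SC2046 disable). Suggest noting in the commit message that the torrent distribution path is retired, and which sysctl entries and Transmission settings to review.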


@ -1 +0,0 @@
http://atrack.pow7.com/announce -t http://bt.henbt.com:2710/announce -t http://bt.pusacg.org:8080/announce -t http://bt2.careland.com.cn:6969/announce -t http://explodie.org:6969/announce -t http://mgtracker.org:2710/announce -t http://mgtracker.org:6969/announce -t http://open.acgtracker.com:1096/announce -t http://open.lolicon.eu:7777/announce -t http://open.touki.ru/announce.php -t http://p4p.arenabg.ch:1337/announce -t http://p4p.arenabg.com:1337/announce -t http://pow7.com:80/announce -t http://retracker.gorcomnet.ru/announce -t http://retracker.krs-ix.ru/announce -t http://retracker.krs-ix.ru:80/announce -t http://secure.pow7.com/announce -t http://t1.pow7.com/announce -t http://t2.pow7.com/announce -t http://thetracker.org:80/announce -t http://torrent.gresille.org/announce -t http://torrentsmd.com:8080/announce -t http://tracker.aletorrenty.pl:2710/announce -t http://tracker.baravik.org:6970/announce -t http://tracker.bittor.pw:1337/announce -t http://tracker.bittorrent.am/announce -t http://tracker.calculate.ru:6969/announce -t http://tracker.dler.org:6969/announce -t http://tracker.dutchtracking.com/announce -t http://tracker.dutchtracking.com:80/announce -t http://tracker.dutchtracking.nl/announce -t http://tracker.dutchtracking.nl:80/announce -t http://tracker.edoardocolombo.eu:6969/announce -t http://tracker.ex.ua/announce -t http://tracker.ex.ua:80/announce -t http://tracker.filetracker.pl:8089/announce -t http://tracker.flashtorrents.org:6969/announce -t http://tracker.grepler.com:6969/announce -t http://tracker.internetwarriors.net:1337/announce -t http://tracker.kicks-ass.net/announce -t http://tracker.kicks-ass.net:80/announce -t http://tracker.kuroy.me:5944/announce -t http://tracker.mg64.net:6881/announce -t http://tracker.opentrackr.org:1337/announce -t http://tracker.skyts.net:6969/announce -t http://tracker.tfile.me/announce -t http://tracker.tiny-vps.com:6969/announce -t http://tracker.tvunderground.org.ru:3218/announce -t 
http://tracker.yoshi210.com:6969/announce -t http://tracker1.wasabii.com.tw:6969/announce -t http://tracker2.itzmx.com:6961/announce -t http://tracker2.wasabii.com.tw:6969/announce -t http://www.wareztorrent.com/announce -t http://www.wareztorrent.com:80/announce -t https://www.wareztorrent.com/announce -t udp://9.rarbg.com:2710/announce -t udp://9.rarbg.me:2780/announce -t udp://9.rarbg.to:2730/announce -t udp://91.218.230.81:6969/announce -t udp://94.23.183.33:6969/announce -t udp://bt.xxx-tracker.com:2710/announce -t udp://eddie4.nl:6969/announce -t udp://explodie.org:6969/announce -t udp://mgtracker.org:2710/announce -t udp://open.stealth.si:80/announce -t udp://p4p.arenabg.com:1337/announce -t udp://shadowshq.eddie4.nl:6969/announce -t udp://shadowshq.yi.org:6969/announce -t udp://torrent.gresille.org:80/announce -t udp://tracker.aletorrenty.pl:2710/announce -t udp://tracker.bittor.pw:1337/announce -t udp://tracker.coppersurfer.tk:6969/announce -t udp://tracker.eddie4.nl:6969/announce -t udp://tracker.ex.ua:80/announce -t udp://tracker.filetracker.pl:8089/announce -t udp://tracker.flashtorrents.org:6969/announce -t udp://tracker.grepler.com:6969/announce -t udp://tracker.ilibr.org:80/announce -t udp://tracker.internetwarriors.net:1337/announce -t udp://tracker.kicks-ass.net:80/announce -t udp://tracker.kuroy.me:5944/announce -t udp://tracker.leechers-paradise.org:6969/announce -t udp://tracker.mg64.net:2710/announce -t udp://tracker.mg64.net:6969/announce -t udp://tracker.opentrackr.org:1337/announce -t udp://tracker.piratepublic.com:1337/announce -t udp://tracker.sktorrent.net:6969/announce -t udp://tracker.skyts.net:6969/announce -t udp://tracker.tiny-vps.com:6969/announce -t udp://tracker.yoshi210.com:6969/announce -t udp://tracker2.indowebster.com:6969/announce -t udp://tracker4.piratux.com:6969/announce -t udp://zer0day.ch:1337/announce -t udp://zer0day.to:1337/announce


@ -1,21 +0,0 @@
# Nextcloud VM with vagrant
This subrepo contains all the Vagrant config to get an Ubuntu 20.04 VM with the latest version of Nextcloud installed.
**Please note that this is __not__ the preferred way to install Nextcloud. It's also untested in the current state.**
# Setup
`vagrant up` will install everything
Go to [https://localhost:8080/](https://localhost:8080/) and access Nextcloud with credentials `ncadmin / nextcloud`
# Information
- `VagrantFile` contains instructions to run an inline script: `install.sh`
- `install.sh` does the following
- Clones https://github.com/nextcloud/vm
- Runs `yes no | sudo bash nextcloud_install_production.sh` which uses the default values for each prompt
See https://raw.githubusercontent.com/nextcloud/vm/main/lib.sh for default values.
# Special thanks to
@gjgd for providing https://github.com/gjgd/vagrant-nextcloud which this is based upon

vagrant/Vagrantfile vendored

@ -1,11 +0,0 @@
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/focal64"
config.vm.network "forwarded_port", guest: 443, host: 8080
config.vm.provision "shell", path: "install.sh"
config.vm.provider "virtualbox" do |vb|
vb.memory = "2048"
end
config.vm.provider "vmware_desktop" do |v|
v.vmx["memsize"] = "2048"
end
end


@ -1,12 +0,0 @@
#!/bin/bash
true
SCRIPT_NAME="Install NcVM with Vagrant"
# shellcheck source=lib.sh
source /var/scripts/fetch_lib.sh
check_command git clone https://github.com/nextcloud/vm.git
cd vm || exit && print_text_in_color "$IRed" "Could not cd into the 'vm' folder."
sudo bash nextcloud_install_production.sh --provisioning
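Review bot: In `cd vm || exit && print_text_in_color "$IRed" "Could not cd into the 'vm' folder."` the `||` and `&&` have equal precedence and run left to right, so the error text prints when `cd` succeeds and the script exits silently when it fails. If this provisioning path is ever restored, group the failure branch, for example `cd vm || { print_text_in_color "$IRed" "Could not cd into the 'vm' folder."; exit 1; }`. The README removed in the same commit also says install.sh runs `yes no | sudo bash nextcloud_install_production.sh`, while this file calls it with `--provisioning`, so the two were already out of sync.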